CP-14193 Add external_id persistence tests #73

Merged: bernardodsanderson merged 1 commit into main from CP-14193 on Jun 18, 2026

@bernardodsanderson

Collaborator

CP-14193

What

Adds test coverage confirming DocuSeal already persists the submitter external_id field end-to-end — through both the service layer and the API request path. No production code changes.

Why

ATS will now send external_id (ats-user-<id>) on every submitter so it can match submitters by stable user id instead of mutable email. These tests pin DocuSeal's existing pass-through behavior so it cannot regress silently.

How to test

bundle exec rspec spec/lib/submissions/create_from_submitters_spec.rb spec/requests/submissions_spec.rb

Comment on lines +98 to +100
template.submitters.map.with_index do |s, index|
{ 'uuid' => s['uuid'], 'email' => Faker::Internet.email,
'external_id' => "ats-user-#{index + 1}" }.with_indifferent_access
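
Review bot: the 'email' => Faker::Internet.email entry on the second line produces a different address on every run while the external_id next to it is deterministic, so a failing run cannot be reproduced with the same fixture. A fixed per-index address (for example "submitter-#{index + 1}@example.com") would keep the data stable. Because the ids are assigned from index + 1 in template order, it is also worth checking each persisted external_id against the submitter with the matching uuid, so that a swap between two submitters is caught rather than passing on order alone.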

Member


Part of me wonders if we should encrypt the payload somehow so that we're not transmitting plain IDs, but I won't block this PR over that, just something to think about 🤔

Collaborator Author


🤔 The user IDs are already exposed in ATS URLs/views (they're database PKs), the external_id is never browser-visible (matching is server-side via slug lookup), and we're already transmitting plain task-assignment-#{id} in the same payload unencrypted. I'm not sure this is worth it at this point.

@bernardodsanderson bernardodsanderson merged commit 6c4a975 into main Jun 18, 2026
5 checks passed
@bernardodsanderson bernardodsanderson deleted the CP-14193 branch June 18, 2026 18:01