Skip to content

Release 3.8.0 to main#171

Open
snehar-nd wants to merge 78 commits into
mainfrom
release-3.8.0
Open

Release 3.8.0 to main#171
snehar-nd wants to merge 78 commits into
mainfrom
release-3.8.0

Conversation

@snehar-nd

@snehar-nd snehar-nd commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

📋 Description

JIRA ID:

Please provide a summary of the change and the motivation behind it. Include relevant context and details.


✅ Type of Change

  • 🐞 Bug fix (non-breaking change which resolves an issue)
  • New feature (non-breaking change which adds functionality)
  • 🔥 Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • 🛠 Refactor (change that is neither a fix nor a new feature)
  • ⚙️ Config change (configuration file or build script updates)
  • 📚 Documentation (updates to docs or readme)
  • 🧪 Tests (adding new or updating existing tests)
  • 🎨 UI/UX (changes that affect the user interface)
  • 🚀 Performance (improves performance)
  • 🧹 Chore (miscellaneous changes that don't modify src or test files)

ℹ️ Additional Information

Please describe how the changes were tested, and include any relevant screenshots, logs, or other information that provides additional context.

Summary by CodeRabbit

  • New Features

    • Added new RMNCH data endpoints and sync capabilities for beneficiary records.
    • Expanded beneficiary profiles with additional reproductive, ABHA, and family-related details.
    • Improved RMNCH data enrichment during beneficiary lookups.
  • Bug Fixes

    • Updated data retrieval to handle multiple matching records more reliably.
    • Added safer checks to reduce errors when related RMNCH data is missing.
  • Chores

    • Bumped the project version to 3.8.0.

5Amogh and others added 30 commits September 25, 2025 11:54
* fix: ES Implementation-mapping, indexing and async records

* fix: add service for ES Search

* fix: search implementation

* fix: add additional fields as per the requirement

* fix: comment extra fields

* fix: rename the files, remove commented code

* fix: update pom.xml

* fix: revert advancesearch

* fix: add properties

* fix: coderabbit comments

* fix: remove comment code

* fix: accept numeric values for search

* fix: update the env variable

* fix: advance search functionality

* fix: update the advance search ES functionality

* fix: sync and fetch benid

* fix: size limit issue

* fix: improve response time

* fix: updated the end point to advancedSearchES
* fix: optimize the index and reduce the size

* fix: align indent

* fix: abha / health id issue

* fix: sync optimization

* fix: get abha created date

* fix: state issue

* fix: village issue

* fix: add abha details

* fix: abha fix and refresh index

* fix: refresh index

* fix: remove duplicate dependency

* fix: fuzzy search, resume, refresh api's

* fix: add middlename, maritalstatus

* fix: remove refresh while bulk indexing

* fix: add license
* fix: ES Exception

* fix: ES exception
* fix: ES Exception

* fix: ES exception
* fix: enable multi-word fuzzy search requirement

* Downgrade version from 3.6.2 to 3.6.1
* fix: column mismatch issue

* fix: update marital status
add new column in rmnch table for death and child record
* feat(health,version): add health and version endpoints

* feat(health,version): add health and version endpoints without auth

* fix(health):  remove unused private methods

* fix(health): fix exception issue

* fix(health): redact error details for unauthenticated health checks

* fix code quality issues and reduce cognitive complexity

* feat(health): add MySQL health endpoint

* refactor(health): simplify MySQL health check and remove sensitive details

* fix(health): remove unused imports and variables

* refactor(health): address nitpicks (configurable ES scheme, log noise, graceful shutdown, record)

* fix(health): scope PROCESSLIST lock-wait check to application DB user

* refactor(health): remove unused params and reuse response/error constants

* fix(health): remove unused imports and methods

* chore(health): clean up unused imports, params, and dead helpers

* fix(health): avoid sharing JDBC connections across threads in advanced MySQL checks

* refactor(health): reuse REDIS_COMPONENT constant and extract nested try block

* fix(health): avoid blocking DB I/O under write lock and restore interrupt flag

* fix(health): cancel in-flight futures on generic failure

* feat(health,version): add index existance, read-only detection, canary write for elasticsearch health check

* refactor(health): reduce cognitive complexity, remove dead throws, and clean code smells
* fix: enable multi-word fuzzy search requirement (#139)

* fix: enable multi-word fuzzy search requirement

* Downgrade version from 3.6.2 to 3.6.1

* fix: multi-word search (#140)

* Fix the column mismatch issue in beneficiary search (#142)

* fix: column mismatch issue

* fix: update marital status

* add new column in rmnch table for death and child record

* add new column in rmnch table for death and child record

* Cherry-pick health and version API enhancements to release-3.6.1 (#145)

* feat(health,version): add health and version endpoints

* feat(health,version): add health and version endpoints without auth

* fix(health):  remove unused private methods

* fix(health): fix exception issue

* fix(health): redact error details for unauthenticated health checks

* fix code quality issues and reduce cognitive complexity

* feat(health): add MySQL health endpoint

* refactor(health): simplify MySQL health check and remove sensitive details

* fix(health): remove unused imports and variables

* refactor(health): address nitpicks (configurable ES scheme, log noise, graceful shutdown, record)

* fix(health): scope PROCESSLIST lock-wait check to application DB user

* refactor(health): remove unused params and reuse response/error constants

* fix(health): remove unused imports and methods

* chore(health): clean up unused imports, params, and dead helpers

* fix(health): avoid sharing JDBC connections across threads in advanced MySQL checks

* refactor(health): reuse REDIS_COMPONENT constant and extract nested try block

* fix(health): avoid blocking DB I/O under write lock and restore interrupt flag

* fix(health): cancel in-flight futures on generic failure

* feat(health,version): add index existance, read-only detection, canary write for elasticsearch health check

* refactor(health): reduce cognitive complexity, remove dead throws, and clean code smells

---------

Co-authored-by: Saurav Mishra <saurav.mishra@bizbrolly.com>
Co-authored-by: Saurav Mishra <80103738+SauravBizbRolly@users.noreply.github.com>
Co-authored-by: KOPPIREDDY DURGA PRASAD <144464542+DurgaPrasad-54@users.noreply.github.com>
* fix: add the missing properties

* fix: update db url
convertIdentityEditDTOToMBeneficiarydetail() was missing sexualOrientationID
and sexualOrientationType, so the field was never persisted on update.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@coderabbitai

coderabbitai Bot commented Jun 30, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

This PR adds an RMNCH beneficiary lookup endpoint, extends RMNCH data sync with ABHA/health-ID mapping via external FHIR calls, adds a post-registration save method, converts several RMNCH repository queries to return Lists instead of single entities, and adds new fields (abhaId, familyId, reproductiveStatus) across entities and DTOs.

Changes

RMNCH Data Sync, ABHA Mapping, and Repository Changes

Layer / File(s) Summary
Repository return-type changes to List
src/main/java/com/iemr/common/identity/repo/rmnch/*
Multiple RMNCH repository query methods (getByBenRegID, getByRegID, getByHouseHoldID) now return List<...> instead of single entities, with supporting imports and JPQL formatting updates.
New entity/DTO fields
.../data/rmnch/RMNCHBeneficiaryDetailsRmnch.java, .../data/rmnch/RMNCHMBeneficiarydetail.java, .../dto/BeneficiariesDTO.java, .../dto/IdentityDTO.java
Adds abhaId/familyId fields to RMNCH entities and reproductiveStatus/reproductiveStatusId fields to beneficiary DTOs.
IdentityService RMNCH lookup and enrichment
.../service/IdentityService.java
Adds getRmnchDataByBenID helper, refactors RMNCH enrichment to check list emptiness before indexing, and populates reproductive status fields in getBeneficiariesDTO.
New IdentityController endpoint
.../controller/IdentityController.java
Adds POST /getRmnchDataByBenRedID endpoint returning RMNCH beneficiary details or a 500 error.
RmnchDataSyncService contract update
.../service/rmnch/RmnchDataSyncService.java
Updates syncDataToAmrit signature with an authorization parameter and adds saveBeneficiaryDetailsAfterRegistration.
RmnchDataSyncServiceImpl sync flow and ABHA integration
.../service/rmnch/RmnchDataSyncServiceImpl.java, src/main/resources/application.properties
Implements authorization-aware sync with empty-check guards, adds mapHealthIDToBeneficiary REST integration, partitionList helper, saveBeneficiaryDetailsAfterRegistration upsert logic, wrapped exception logging, and a new mapHealthIDToBeneficiary config property.
RMNCHMobileAppController endpoint updates
.../controller/rmnch/RMNCHMobileAppController.java
Updates syncDataToAmrit to require a jwttoken header and adds syncDataToAmritByHwc endpoint with JSON body validation and typed responses.

Estimated code review effort: 4 (Complex) | ~60 minutes

Sequence Diagram(s)

sequenceDiagram
  participant MobileApp
  participant RMNCHMobileAppController
  participant RmnchDataSyncServiceImpl
  participant FHIRService
  participant Database

  MobileApp->>RMNCHMobileAppController: POST /rmnch/syncDataToAmritByHwc
  RMNCHMobileAppController->>RmnchDataSyncServiceImpl: saveBeneficiaryDetailsAfterRegistration(benId, benRegId, request)
  RmnchDataSyncServiceImpl->>Database: upsert RMNCHMBeneficiarydetail
  RmnchDataSyncServiceImpl-->>RMNCHMobileAppController: result

  MobileApp->>RMNCHMobileAppController: POST /rmnch/syncDataToAmrit (jwttoken)
  RMNCHMobileAppController->>RmnchDataSyncServiceImpl: syncDataToAmrit(requestOBJ, authorization)
  RmnchDataSyncServiceImpl->>Database: check existing records (empty-check)
  RmnchDataSyncServiceImpl->>FHIRService: mapHealthIDToBeneficiary(authorization, abhaId, ...)
  FHIRService-->>RmnchDataSyncServiceImpl: response
  RmnchDataSyncServiceImpl->>Database: persist synced entities
  RmnchDataSyncServiceImpl-->>RMNCHMobileAppController: sync result
Loading

Related Issues: None referenced.

Related PRs: None referenced.

Suggested labels: enhancement, rmnch, backend

Suggested reviewers: None specified.

🐰 A hop through data, list by list,
ABHA ids join the beneficiary tryst,
New fields sprout where none stood before,
Sync flows widen through the RMNCH door,
Carrots counted, records aligned once more.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately reflects that this PR merges the 3.8.0 release branch into main.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@sonarqubecloud

sonarqubecloud Bot commented Jul 3, 2026

Copy link
Copy Markdown

Quality Gate Failed Quality Gate failed

Failed conditions
1 Security Hotspot

See analysis details on SonarQube Cloud

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 4

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
src/main/java/com/iemr/common/identity/data/rmnch/RMNCHMBeneficiarydetail.java (1)

39-42: 🗄️ Data Integrity & Integration | 🟠 Major | 🏗️ Heavy lift

Avoid two writable entities for i_beneficiarydetails
RMNCHMBeneficiarydetail and MBeneficiarydetail both map to i_beneficiarydetails, and the RMNCH repo persists this entity. Because the RMNCH model only covers a subset of the columns, writes from either path can overwrite shared fields on the same row. Use a single entity here or make the RMNCH type read-only/projection-only.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@src/main/java/com/iemr/common/identity/data/rmnch/RMNCHMBeneficiarydetail.java`
around lines 39 - 42, RMNCHMBeneficiarydetail and MBeneficiarydetail both map to
i_beneficiarydetails, creating two writable entities for the same table. Update
RMNCHMBeneficiarydetail so it is not used for persistence in the RMNCH flow:
either replace it with the existing MBeneficiarydetail entity in the RMNCH
repository/service path, or make RMNCHMBeneficiarydetail
read-only/projection-only and ensure no save/update operations use it.
🧹 Nitpick comments (2)
src/main/java/com/iemr/common/identity/controller/rmnch/RMNCHMobileAppController.java (1)

75-79: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Avoid printStackTrace() and echoing the raw exception to the client. Line 77 should log via SLF4J instead of printStackTrace(), and appending the exception object into the response (line 78) can leak internal details to callers. Prefer a generic client message while logging the full stack trace server-side.

♻️ Suggested change
-		} catch (Exception e) {
-			logger.error("Error in RMNCH mobile data sync : {} " , e.getMessage());
-			e.printStackTrace();
-			response.setError(5000, "Error in RMNCH mobile data sync : " + e);
-		}
+		} catch (Exception e) {
+			logger.error("Error in RMNCH mobile data sync", e);
+			response.setError(5000, "Error in RMNCH mobile data sync");
+		}
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@src/main/java/com/iemr/common/identity/controller/rmnch/RMNCHMobileAppController.java`
around lines 75 - 79, The exception handling in RMNCHMobileAppController’s sync
path should not use printStackTrace() or expose the raw Exception in the
response. In the catch block, replace the console stack trace with proper SLF4J
logging using the logger, including the exception object so the full stack trace
is recorded server-side, and change response.setError(...) to return a generic
client-facing message without appending e.getMessage() or e.
src/main/java/com/iemr/common/identity/service/rmnch/RmnchDataSyncServiceImpl.java (1)

313-322: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

partitionList appears unused. SonarCloud flags this private helper as never called. Remove it unless it's wired up elsewhere in this change.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@src/main/java/com/iemr/common/identity/service/rmnch/RmnchDataSyncServiceImpl.java`
around lines 313 - 322, The private helper partitionList in
RmnchDataSyncServiceImpl is currently unused and flagged as dead code, so either
remove it entirely if no other method references it or wire it into the relevant
batching logic where list partitioning is needed. Check the surrounding sync
flow in RmnchDataSyncServiceImpl for any intended batch processing usage before
keeping it.

Source: Linters/SAST tools

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/main/java/com/iemr/common/identity/controller/IdentityController.java`:
- Around line 323-324: The new endpoint in IdentityController is missing the
standard Swagger documentation and its path appears to contain a typo. Update
the `@PostMapping` on getRmnchDataByBenID to use the intended benRegID-style route
instead of the current “BenRedID” spelling, and add an `@Operation` summary like
the other controller methods so the endpoint is documented in SpringDoc Swagger
UI.

In `@src/main/java/com/iemr/common/identity/repo/rmnch/RMNCHBenDetailsRepo.java`:
- Around line 40-51: The getByBenRegID query in RMNCHBenDetailsRepo returns
multiple RMNCHMBeneficiarydetail rows without a deterministic order, but
RmnchDataSyncServiceImpl relies on .get(0). Update the `@Query` so the result is
consistently ordered before selection, using a stable field on
RMNCHMBeneficiarydetail such as beneficiaryDetailsId or createdDate, and keep
the method signature unchanged so the service always picks the same row.

In
`@src/main/java/com/iemr/common/identity/service/rmnch/RmnchDataSyncServiceImpl.java`:
- Line 342: The logging in RmnchDataSyncServiceImpl is exposing sensitive data:
remove the INFO-level authorization token log and avoid logging full
request/response bodies with PII. Update the relevant sync method(s) around the
authorization handling and the request/response logging to either حذف these
statements or downgrade them to DEBUG with redaction of sensitive fields such as
bearer token, ABHA number, name, and DOB. Keep only non-sensitive contextual
logs in the affected code paths.
- Around line 200-203: Guard the nullable fields used in the ABHA sync branch of
RmnchDataSyncServiceImpl before calling mapHealthIDToBeneficiary. The current
check only verifies obj.getAbhaId(), but obj.getDob(), obj.getBenRegId(), and
obj.getBenficieryid() are still dereferenced/unboxed and can fail the
transaction. Add null checks (or safe defaults/skip logic) around these inputs
in the same block so the sync continues without aborting when any required value
is missing.

---

Outside diff comments:
In
`@src/main/java/com/iemr/common/identity/data/rmnch/RMNCHMBeneficiarydetail.java`:
- Around line 39-42: RMNCHMBeneficiarydetail and MBeneficiarydetail both map to
i_beneficiarydetails, creating two writable entities for the same table. Update
RMNCHMBeneficiarydetail so it is not used for persistence in the RMNCH flow:
either replace it with the existing MBeneficiarydetail entity in the RMNCH
repository/service path, or make RMNCHMBeneficiarydetail
read-only/projection-only and ensure no save/update operations use it.

---

Nitpick comments:
In
`@src/main/java/com/iemr/common/identity/controller/rmnch/RMNCHMobileAppController.java`:
- Around line 75-79: The exception handling in RMNCHMobileAppController’s sync
path should not use printStackTrace() or expose the raw Exception in the
response. In the catch block, replace the console stack trace with proper SLF4J
logging using the logger, including the exception object so the full stack trace
is recorded server-side, and change response.setError(...) to return a generic
client-facing message without appending e.getMessage() or e.

In
`@src/main/java/com/iemr/common/identity/service/rmnch/RmnchDataSyncServiceImpl.java`:
- Around line 313-322: The private helper partitionList in
RmnchDataSyncServiceImpl is currently unused and flagged as dead code, so either
remove it entirely if no other method references it or wire it into the relevant
batching logic where list partitioning is needed. Check the surrounding sync
flow in RmnchDataSyncServiceImpl for any intended batch processing usage before
keeping it.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 30aabf9b-28a3-41be-ab4d-d9c1facfb350

📥 Commits

Reviewing files that changed from the base of the PR and between 6e0d0f7 and 83b6046.

📒 Files selected for processing (17)
  • pom.xml
  • src/main/java/com/iemr/common/identity/controller/IdentityController.java
  • src/main/java/com/iemr/common/identity/controller/rmnch/RMNCHMobileAppController.java
  • src/main/java/com/iemr/common/identity/data/rmnch/RMNCHBeneficiaryDetailsRmnch.java
  • src/main/java/com/iemr/common/identity/data/rmnch/RMNCHMBeneficiarydetail.java
  • src/main/java/com/iemr/common/identity/dto/BeneficiariesDTO.java
  • src/main/java/com/iemr/common/identity/dto/IdentityDTO.java
  • src/main/java/com/iemr/common/identity/repo/rmnch/RMNCHBenDetailsRepo.java
  • src/main/java/com/iemr/common/identity/repo/rmnch/RMNCHBeneficiaryDetailsRmnchRepo.java
  • src/main/java/com/iemr/common/identity/repo/rmnch/RMNCHBornBirthDetailsRepo.java
  • src/main/java/com/iemr/common/identity/repo/rmnch/RMNCHCBACDetailsRepo.java
  • src/main/java/com/iemr/common/identity/repo/rmnch/RMNCHHouseHoldDetailsRepo.java
  • src/main/java/com/iemr/common/identity/repo/rmnch/RMNCHMBenRegIdMapRepo.java
  • src/main/java/com/iemr/common/identity/service/IdentityService.java
  • src/main/java/com/iemr/common/identity/service/rmnch/RmnchDataSyncService.java
  • src/main/java/com/iemr/common/identity/service/rmnch/RmnchDataSyncServiceImpl.java
  • src/main/resources/application.properties

Comment on lines +323 to +324
@PostMapping("/getRmnchDataByBenRedID")
public ResponseEntity<RMNCHBeneficiaryDetailsRmnch> getRmnchDataByBenID(@RequestBody BigInteger object) {

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📐 Maintainability & Code Quality | 🟠 Major | ⚡ Quick win

Likely typo in endpoint path and missing Swagger @Operation annotation.

/getRmnchDataByBenRedID looks like a typo of "BenRegID" (the service method underneath is getRmnchDataByBenID, and the domain concept is benRegID throughout the file). Since this is a brand-new endpoint, fixing the name now avoids baking a typo into the public API surface. Also, every other endpoint here carries an @Operation summary for Swagger docs; this one doesn't.

+	`@Operation`(summary = "Get RMNCH data by beneficiary registration id")
-	`@PostMapping`("/getRmnchDataByBenRedID")
+	`@PostMapping`("/getRmnchDataByBenRegID")
 	public ResponseEntity<RMNCHBeneficiaryDetailsRmnch> getRmnchDataByBenID(`@RequestBody` BigInteger object) {

As per coding guidelines, **/controller/**/*.java: "Use SpringDoc OpenAPI (Swagger UI) for API documentation accessible at /swagger-ui.html".

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
@PostMapping("/getRmnchDataByBenRedID")
public ResponseEntity<RMNCHBeneficiaryDetailsRmnch> getRmnchDataByBenID(@RequestBody BigInteger object) {
`@Operation`(summary = "Get RMNCH data by beneficiary registration id")
`@PostMapping`("/getRmnchDataByBenRegID")
public ResponseEntity<RMNCHBeneficiaryDetailsRmnch> getRmnchDataByBenID(`@RequestBody` BigInteger object) {
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/main/java/com/iemr/common/identity/controller/IdentityController.java`
around lines 323 - 324, The new endpoint in IdentityController is missing the
standard Swagger documentation and its path appears to contain a typo. Update
the `@PostMapping` on getRmnchDataByBenID to use the intended benRegID-style route
instead of the current “BenRedID” spelling, and add an `@Operation` summary like
the other controller methods so the endpoint is documented in SpringDoc Swagger
UI.

Source: Coding guidelines

Comment on lines +40 to +51

@Query("""
SELECT t
FROM RMNCHMBeneficiarydetail t
WHERE t.id IN (
SELECT m.benDetailsId
FROM RMNCHMBeneficiarymapping m
WHERE m.benRegId = :beneficiaryRegID
)
""")
List<RMNCHMBeneficiarydetail> getByBenRegID(
@Param("beneficiaryRegID") BigInteger beneficiaryRegID);

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🗄️ Data Integrity & Integration | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

printf '\n== repo file ==\n'
sed -n '1,140p' src/main/java/com/iemr/common/identity/repo/rmnch/RMNCHBenDetailsRepo.java

printf '\n== usages ==\n'
rg -n "getByBenRegID\\(" src/main/java

printf '\n== service excerpt ==\n'
sed -n '140,230p' src/main/java/com/iemr/common/identity/service/impl/RmnchDataSyncServiceImpl.java

printf '\n== related entities ==\n'
rg -n "class RMNCHMBeneficiary(mapping|detail)|`@Table`|`@OrderBy`|`@OneToMany`|`@ManyToOne`" src/main/java/com/iemr/common/identity -g '*.java'

Repository: PSMRI/Identity-API

Length of output: 2763


🏁 Script executed:

#!/bin/bash
set -euo pipefail

printf '\n== service excerpt ==\n'
sed -n '160,210p' src/main/java/com/iemr/common/identity/service/rmnch/RmnchDataSyncServiceImpl.java

printf '\n== mapping entity ==\n'
sed -n '1,240p' src/main/java/com/iemr/common/identity/data/rmnch/RMNCHMBeneficiarymapping.java

printf '\n== detail entity ==\n'
sed -n '1,240p' src/main/java/com/iemr/common/identity/data/rmnch/RMNCHMBeneficiarydetail.java

printf '\n== repo/entity references ==\n'
rg -n "benRegId|benDetailsId|`@Id`|`@OneToMany`|`@ManyToOne`|`@JoinColumn`|`@OrderBy`|`@UniqueConstraint`|unique = true" src/main/java/com/iemr/common/identity/data/rmnch src/main/java/com/iemr/common/identity/service/rmnch -g '*.java'

Repository: PSMRI/Identity-API

Length of output: 12835


🏁 Script executed:

#!/bin/bash
set -euo pipefail

printf '\n== benDetailsId usages ==\n'
rg -n "setBenDetailsId|getBenDetailsId|benDetailsId" src/main/java -g '*.java'

printf '\n== benRegId usages ==\n'
rg -n "setBenRegId|getBenRegId|benRegId" src/main/java -g '*.java'

printf '\n== ddl/schema hints ==\n'
rg -n "i_beneficiarymapping|beneficiarymapping|BenDetailsId|BenRegId|unique constraint|UNIQUE" . -g '*.{sql,java,xml,yml,yaml,properties}'

Repository: PSMRI/Identity-API

Length of output: 50374


🏁 Script executed:

#!/bin/bash
set -euo pipefail

printf '\n== DDL / migration hits ==\n'
rg -n "i_beneficiarymapping|i_beneficiarydetails|BenRegId|BenDetailsId|UNIQUE|unique" src/main/resources src/main/java -g '*.{sql,xml,yml,yaml,properties,java}' | head -n 200

printf '\n== RMNCH detail-related repos ==\n'
sed -n '1,120p' src/main/java/com/iemr/common/identity/repo/rmnch/RMNCHBeneficiaryDetailsRmnchRepo.java

printf '\n== mapping-repo methods near benRegId ==\n'
sed -n '35,120p' src/main/java/com/iemr/common/identity/repo/rmnch/RMNCHMBenRegIdMapRepo.java

Repository: PSMRI/Identity-API

Length of output: 32316


Make the first beneficiary detail selection deterministic. RmnchDataSyncServiceImpl reads .get(0) from this list, but there’s no ORDER BY here, so when multiple rows match the same beneficiaryRegID the updated record can vary across executions. Sort by a stable column like beneficiaryDetailsId (or createdDate) before taking the first row.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/main/java/com/iemr/common/identity/repo/rmnch/RMNCHBenDetailsRepo.java`
around lines 40 - 51, The getByBenRegID query in RMNCHBenDetailsRepo returns
multiple RMNCHMBeneficiarydetail rows without a deterministic order, but
RmnchDataSyncServiceImpl relies on .get(0). Update the `@Query` so the result is
consistently ordered before selection, using a stable field on
RMNCHMBeneficiarydetail such as beneficiaryDetailsId or createdDate, and keep
the method signature unchanged so the service always picks the same row.

Comment on lines +200 to +203
if (obj.getAbhaId()!=null && !obj.getAbhaId().isEmpty()) {
mapHealthIDToBeneficiary(authorization,obj.getBenRegId().longValue(),obj.getBenficieryid().longValue(),obj.getAbhaId(),obj.getCreatedBy(),obj.getFirstName(),obj.getLastName(),obj.getDob().toString(),obj.getProviderServiceMapID());

}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🩺 Stability & Availability | 🔴 Critical | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

printf '\n== File outline ==\n'
ast-grep outline src/main/java/com/iemr/common/identity/service/rmnch/RmnchDataSyncServiceImpl.java --view expanded || true

printf '\n== Relevant lines 170-230 ==\n'
sed -n '170,230p' src/main/java/com/iemr/common/identity/service/rmnch/RmnchDataSyncServiceImpl.java

printf '\n== Search for mapHealthIDToBeneficiary definition/usages ==\n'
rg -n "mapHealthIDToBeneficiary" src/main/java/com/iemr/common/identity/service/rmnch/RmnchDataSyncServiceImpl.java src/main/java -S

printf '\n== Search for getDob/getBenRegId/getBenficieryid handling in file ==\n'
rg -n "getDob\\(|getBenRegId\\(|getBenficieryid\\(" src/main/java/com/iemr/common/identity/service/rmnch/RmnchDataSyncServiceImpl.java -S

Repository: PSMRI/Identity-API

Length of output: 7931


🏁 Script executed:

#!/bin/bash
set -euo pipefail

printf '\n== Lines 140-210 ==\n'
sed -n '140,210p' src/main/java/com/iemr/common/identity/service/rmnch/RmnchDataSyncServiceImpl.java

printf '\n== mapHealthIDToBeneficiary signature/body lines 324-390 ==\n'
sed -n '324,390p' src/main/java/com/iemr/common/identity/service/rmnch/RmnchDataSyncServiceImpl.java

printf '\n== Types / field declarations for RMNCHBeneficiaryDetailsRmnch ==\n'
fd -a "RMNCHBeneficiaryDetailsRmnch.java" src/main/java || true

Repository: PSMRI/Identity-API

Length of output: 5772


🏁 Script executed:

#!/bin/bash
set -euo pipefail

printf '\n== RMNCHBeneficiaryDetailsRmnch fields ==\n'
sed -n '1,260p' src/main/java/com/iemr/common/identity/data/rmnch/RMNCHBeneficiaryDetailsRmnch.java

printf '\n== RMNCHMBeneficiarydetail repo methods around getByBenRegID ==\n'
rg -n "getByBenRegID|getRegID|getBenficieryid|setBenRegId|setDob" src/main/java/com/iemr/common/identity -S

printf '\n== Any validation/nonnull annotations on benficieryid or dob ==\n'
rg -n "`@NotNull`|`@Nullable`|`@NotBlank`|`@JsonProperty`|benficieryid|dob" src/main/java/com/iemr/common/identity/data/rmnch/RMNCHBeneficiaryDetailsRmnch.java src/main/java/com/iemr/common/identity -S

Repository: PSMRI/Identity-API

Length of output: 29599


Guard nullable ABHA inputs here. obj.getDob() is dereferenced with .toString(), and obj.getBenRegId() / obj.getBenficieryid() are also unboxed with .longValue(), so a missing value will abort the sync and roll back the transaction.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@src/main/java/com/iemr/common/identity/service/rmnch/RmnchDataSyncServiceImpl.java`
around lines 200 - 203, Guard the nullable fields used in the ABHA sync branch
of RmnchDataSyncServiceImpl before calling mapHealthIDToBeneficiary. The current
check only verifies obj.getAbhaId(), but obj.getDob(), obj.getBenRegId(), and
obj.getBenficieryid() are still dereferenced/unboxed and can fail the
transaction. Add null checks (or safe defaults/skip logic) around these inputs
in the same block so the sync continues without aborting when any required value
is missing.

} catch (Exception ex) {
logger.warn("DOB format conversion failed, sending original DOB : {}", dob);
}
logger.info("Authorization Token : {}", authorization);

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

Do not log the JWT/authorization token. Logging the bearer token at INFO level leaks a credential into application logs, allowing anyone with log access to impersonate the caller against the FHIR service.

Also note lines 376 and 393 log the full request body (ABHA number, name, DOB) and response body, which is PII; consider dropping these to DEBUG and redacting sensitive fields.

🔒 Proposed change
-		  logger.info("Authorization Token : {}", authorization);
+		  logger.debug("Calling mapHealthIDToBeneficiary for benRegID={}", benRegID);
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
logger.info("Authorization Token : {}", authorization);
logger.debug("Calling mapHealthIDToBeneficiary for benRegID={}", benRegID);
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@src/main/java/com/iemr/common/identity/service/rmnch/RmnchDataSyncServiceImpl.java`
at line 342, The logging in RmnchDataSyncServiceImpl is exposing sensitive data:
remove the INFO-level authorization token log and avoid logging full
request/response bodies with PII. Update the relevant sync method(s) around the
authorization handling and the request/response logging to either حذف these
statements or downgrade them to DEBUG with redaction of sensitive fields such as
bearer token, ABHA number, name, and DOB. Keep only non-sensitive contextual
logs in the affected code paths.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants