Merge pull request #38047 from appsmithorg/cherry-pick/idToken-missing

fix: Only updating the required fields in User while generating usage…

app/server/appsmith-server/src/main/java/com/appsmith/server/repositories/ce/CustomUserRepositoryCE.java

@@ -3,6 +3,7 @@
 import com.appsmith.server.acl.AclPermission;
 import com.appsmith.server.domains.User;
 import com.appsmith.server.repositories.AppsmithRepository;
+import org.springframework.data.mongodb.core.query.UpdateDefinition;
 import reactor.core.publisher.Mono;
 
 public interface CustomUserRepositoryCE extends AppsmithRepository<User> {
@@ -12,4 +13,6 @@ public interface CustomUserRepositoryCE extends AppsmithRepository<User> {
     Mono<User> findByEmailAndTenantId(String email, String tenantId);
 
     Mono<Boolean> isUsersEmpty();
+
+    Mono<Integer> updateById(String id, UpdateDefinition updateObj);
 }

app/server/appsmith-server/src/main/java/com/appsmith/server/repositories/ce/CustomUserRepositoryCEImpl.java

@@ -3,11 +3,14 @@
 import com.appsmith.server.acl.AclPermission;
 import com.appsmith.server.constants.FieldName;
 import com.appsmith.server.domains.User;
+import com.appsmith.server.exceptions.AppsmithError;
+import com.appsmith.server.exceptions.AppsmithException;
 import com.appsmith.server.helpers.ce.bridge.Bridge;
 import com.appsmith.server.helpers.ce.bridge.BridgeQuery;
 import com.appsmith.server.projections.IdOnly;
 import com.appsmith.server.repositories.BaseAppsmithRepositoryImpl;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.data.mongodb.core.query.UpdateDefinition;
 import reactor.core.publisher.Mono;
 
 import java.util.HashSet;
@@ -50,4 +53,12 @@ protected Set<String> getSystemGeneratedUserEmails() {
         systemGeneratedEmails.add(FieldName.ANONYMOUS_USER);
         return systemGeneratedEmails;
     }
+
+    @Override
+    public Mono<Integer> updateById(String id, UpdateDefinition updateObj) {
+        if (id == null) {
+            return Mono.error(new AppsmithException(AppsmithError.INVALID_PARAMETER, FieldName.ID));
+        }
+        return queryBuilder().byId(id).updateFirst(updateObj);
+    }
 }

app/server/appsmith-server/src/main/java/com/appsmith/server/services/ce/UsagePulseServiceCEImpl.java

@@ -7,6 +7,8 @@
 import com.appsmith.server.dtos.UsagePulseDTO;
 import com.appsmith.server.exceptions.AppsmithError;
 import com.appsmith.server.exceptions.AppsmithException;
+import com.appsmith.server.helpers.ce.bridge.Bridge;
+import com.appsmith.server.helpers.ce.bridge.BridgeUpdate;
 import com.appsmith.server.repositories.UsagePulseRepository;
 import com.appsmith.server.services.ConfigService;
 import com.appsmith.server.services.SessionUserService;
@@ -83,19 +85,21 @@ public Mono<UsagePulse> createPulse(UsagePulseDTO usagePulseDTO) {
                 return save(usagePulse);
             }
             usagePulse.setIsAnonymousUser(false);
-            User updateUser = new User();
+            BridgeUpdate updateUserObj = Bridge.update();
+
             String hashedEmail = user.getHashedEmail();
             if (StringUtils.isEmpty(hashedEmail)) {
                 hashedEmail = DigestUtils.sha256Hex(user.getEmail());
                 // Hashed user email is stored to user for future mapping of user and pulses
-                updateUser.setHashedEmail(hashedEmail);
+                updateUserObj.set(User.Fields.hashedEmail, hashedEmail);
             }
             usagePulse.setUser(hashedEmail);
-            updateUser.setLastActiveAt(Instant.now());
-            // Avoid updating policies
-            updateUser.setPolicies(null);
 
-            return userService.updateWithoutPermission(user.getId(), updateUser).then(save(usagePulse));
+            updateUserObj.set(User.Fields.lastActiveAt, Instant.now());
+
+            return userService
+                    .updateWithoutPermission(user.getId(), updateUserObj)
+                    .then(save(usagePulse));
         });
     }
 

app/server/appsmith-server/src/main/java/com/appsmith/server/services/ce/UserServiceCE.java

@@ -8,6 +8,7 @@
 import com.appsmith.server.dtos.UserSignupDTO;
 import com.appsmith.server.dtos.UserUpdateDTO;
 import com.appsmith.server.services.CrudService;
+import org.springframework.data.mongodb.core.query.UpdateDefinition;
 import org.springframework.web.server.ServerWebExchange;
 import reactor.core.publisher.Flux;
 import reactor.core.publisher.Mono;
@@ -30,6 +31,8 @@ public interface UserServiceCE extends CrudService<User, String> {
 
     Mono<User> userCreate(User user, boolean isAdminUser);
 
+    Mono<Integer> updateWithoutPermission(String id, UpdateDefinition updateObj);
+
     Mono<User> updateCurrentUser(UserUpdateDTO updates, ServerWebExchange exchange);
 
     Mono<Boolean> isUsersEmpty();

app/server/appsmith-server/src/main/java/com/appsmith/server/services/ce/UserServiceCEImpl.java

@@ -43,6 +43,7 @@
 import org.apache.hc.core5.http.message.BasicNameValuePair;
 import org.apache.hc.core5.net.WWWFormCodec;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.data.mongodb.core.query.UpdateDefinition;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.ReactiveSecurityContextHolder;
@@ -568,6 +569,15 @@ public Mono<User> updateWithoutPermission(String id, User update) {
         return userFromRepository.flatMap(existingUser -> this.update(existingUser, update));
     }
 
+    @Override
+    public Mono<Integer> updateWithoutPermission(String id, UpdateDefinition updateObj) {
+        Mono<User> userFromRepository = repository
+                .findById(id)
+                .switchIfEmpty(Mono.error(new AppsmithException(AppsmithError.NO_RESOURCE_FOUND, FieldName.USER, id)));
+
+        return userFromRepository.flatMap(existingUser -> repository.updateById(id, updateObj));
+    }
+
     private Mono<User> update(User existingUser, User userUpdate) {
 
         // The password is being updated. Hash it first and then store it