Skip to content

feat(audience): warn and drop identify()/alias() calls with a malformed passport id#2899

Open
nattb8 wants to merge 1 commit into
mainfrom
feat/validate-passport-id
Open

feat(audience): warn and drop identify()/alias() calls with a malformed passport id#2899
nattb8 wants to merge 1 commit into
mainfrom
feat/validate-passport-id

Conversation

@nattb8

@nattb8 nattb8 commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Summary

Studios sometimes call identify() or alias() with identityType: 'passport' but pass their own internal user id instead of a real Passport id, and today nothing catches it, so bad data silently flows into the audience pipeline. This rejects the call (no event sent, userId untouched) and warns unconditionally (not gated behind debug) when the id doesn't match the shape Passport actually issues (connection|id or a bare UUID), so studios see the mistake immediately during local testing instead of finding it in the data warehouse later.

Test plan

  • Unit tests for isPassportIdValid (core) covering valid pipe-form ids, valid UUIDs, whitespace padding, and invalid shapes
  • Unit tests for identify()/alias(): malformed passport id warns and drops the call; warning fires without debug enabled; valid ids and non-passport identity types never warn
  • Unit tests confirming a whitespace-padded valid passport id is stored/sent trimmed, not with the padding intact (the id that's validated and the id that's stored/sent must match)
  • Sample-app UI affordance ("Fill invalid Passport ID example") and a fix so the sample app's success/drop mirroring reflects the real SDK outcome instead of always showing "ok"
  • pnpm jest passes for packages/audience/core and packages/audience/sdk
  • eslint passes on all changed files
  • tsc --noEmit passes for packages/audience/sdk

@nattb8 nattb8 changed the title Warn when identify() passport id is malformed feat(audience): warn when identify() passport id is malformed Jul 9, 2026
@nx-cloud

nx-cloud Bot commented Jul 9, 2026

Copy link
Copy Markdown

View your CI Pipeline Execution ↗ for commit b17e38b

Command Status Duration Result
nx affected -t build,lint,test ✅ Succeeded 12s View ↗
nx run-many -p @imtbl/sdk,@imtbl/checkout-widge... ✅ Succeeded 3s View ↗

💡 Verify your cache is correct by running tasks in a sandbox. Read docs ↗


☁️ Nx Cloud last updated this comment at 2026-07-10 02:02:05 UTC

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown

✅ Audience Bundle Size — @imtbl/audience

Metric Size Delta vs main (3525609)
Gzipped 19783 bytes (19.31 KB) +247 bytes
Raw (minified) 57964 bytes +708 bytes

Budget: 24.00 KB gzipped (warn at 20.00 KB)

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown

✅ Pixel Bundle Size — @imtbl/pixel

Metric Size Delta vs main
Gzipped 6674 bytes (6.51 KB) +1 bytes
Raw (minified) 18540 bytes 0 bytes

Budget: 10.00 KB gzipped (warn at 8.00 KB)

@nattb8 nattb8 force-pushed the feat/validate-passport-id branch from 19180b5 to 8217e4c Compare July 9, 2026 23:53
@nattb8 nattb8 changed the title feat(audience): warn when identify() passport id is malformed feat(audience): warn and drop identify() calls with a malformed passport id Jul 9, 2026
@nattb8 nattb8 force-pushed the feat/validate-passport-id branch 2 times, most recently from f7a2eff to 2df7fff Compare July 10, 2026 01:20
@nattb8 nattb8 changed the title feat(audience): warn and drop identify() calls with a malformed passport id feat(audience): warn and drop identify()/alias() calls with a malformed passport id Jul 10, 2026
@nattb8 nattb8 marked this pull request as ready for review July 10, 2026 01:30
@nattb8 nattb8 requested a review from a team as a code owner July 10, 2026 01:30
@nattb8 nattb8 force-pushed the feat/validate-passport-id branch from 2df7fff to 2b70a9f Compare July 10, 2026 01:30
…ed passport id

Studios sometimes call identify() or alias() with identityType passport
but pass their own internal user id instead of a real Passport id,
which silently pollutes downstream analytics. Reject the call (no-op,
no event sent, userId untouched) and warn unconditionally when the id
doesn't look like a Passport id, using the same connection|id or UUID
shape Passport actually issues. Also adds sample-app coverage for the
new behaviour.
@nattb8 nattb8 force-pushed the feat/validate-passport-id branch from 2b70a9f to b17e38b Compare July 10, 2026 01:47
@nattb8 nattb8 added this pull request to the merge queue Jul 10, 2026
@github-merge-queue github-merge-queue Bot removed this pull request from the merge queue due to failed status checks Jul 10, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Development

Successfully merging this pull request may close these issues.

2 participants