feat(ids-api): Use syslumenn api to verify delegation.

[valurefugl]

https://www.notion.so/Add-legal-representative-hard-check-when-user-chooses-delegation-848df5969a6d4c898f5ff648d386e71a?pvs=4

What

Use syslumenn api to verify delegation.

Why

To be sure that legal representative delegation still exists before authenticating.

Screenshots / Gifs

Attach Screenshots / Gifs to help reviewers understand the scope of the pull request

Checklist:

• I have performed a self-review of my own code
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• Formatting passes locally with my changes
• I have rebased against main before asking for a review

Summary by CodeRabbit

Release Notes

• New Features

  • Enhanced delegation management capabilities to ensure accurate handling of delegations and their associated scopes.
  • Introduced a new method for verifying delegations at the provider level, improving the delegation verification process.
  • Added new configuration parameters for the SYSLUMENN API, enhancing service connectivity across different environments.

• Bug Fixes

  • Resolved issues related to delegation checks and improved handling of invalid records.

• Documentation

  • Updated API specifications with new endpoints and data structures for improved clarity.

• Tests

  • Expanded test coverage for delegation verification scenarios and authorization capabilities.

[coderabbitai]

Walkthrough

The changes enhance delegation management within the DelegationScopeService and DelegationsIncomingService by integrating new dependencies and methods for verifying and managing delegations. The DelegationScopeService now includes functionality to check for existing delegations and clean up invalid records, while the DelegationsIncomingService introduces a method for verifying delegations at the provider level. Additionally, the module structure has been updated to include new services and types, reflecting a comprehensive approach to delegation handling. Configuration changes across multiple services have also been made to support the Syslumenn API.

Changes

File	Change Summary
libs/auth-api-lib/src/lib/delegations/delegation-scope.service.ts	Enhanced DelegationScopeService with new dependencies and a method for checking delegations and retrieving scopes.
libs/auth-api-lib/src/lib/delegations/delegations-incoming.service.ts	Added verifyDelegationAtProvider method to enhance delegation verification and streamline logging practices.
libs/auth-api-lib/src/lib/delegations/delegations.module.ts	Updated module to include new services and types, improving delegation handling capabilities.
apps/services/auth/admin-api/infra/auth-admin-api.ts	Introduced new configuration parameters for Syslumenn API, including host, timeout, and authentication secrets.
apps/services/auth/delegation-api/infra/delegation-api.ts	Added new configuration parameters for Syslumenn API, including host, timeout, and authentication secrets.
apps/services/auth/ids-api/infra/ids-api.ts	Introduced configuration settings for Syslumenn API, including host, timeout, and authentication secrets.
apps/services/auth/personal-representative/infra/personal-representative.ts	Added configuration settings for Syslumenn API, including host, timeout, and authentication secrets.
apps/services/auth/public-api/infra/auth-public-api.ts	Enhanced configuration for Syslumenn API, consolidating imports and adding host, timeout, and authentication secrets.
charts/identity-server/values.dev.yaml	Added environment variables for Syslumenn API across multiple service configurations.
charts/identity-server/values.prod.yaml	Introduced environment variables for Syslumenn API across multiple service configurations.
charts/identity-server/values.staging.yaml	Added environment variables for Syslumenn API across multiple service configurations.

Possibly related PRs

• feat(auth-api-lib): add support for delegation types to api-scopes #14887: Adds support for delegation types to API scopes, directly related to the main PR's enhancements in delegation management.
• feat(ids-auth): adding @skagafjordur.is/ibuagatt to delegation config #14913: Updates delegation configuration, which may relate to the new delegation functionalities introduced in the main PR.
• feat(delegations): Verifu usage of ASDT instead of PRSP #15060: Verifies the usage of delegation types, aligning with the main PR's focus on managing delegations and their types.
• feat(ids-admin): start using new delegation fields in IDS-admin #15068: Introduces new delegation fields in the IDS-admin, which connects to the enhancements made in the main PR regarding delegation management.
• feat(auth-admin): General mandate delegation type #16005: Introduces a new delegation type called "GeneralMandate," which is relevant to the main PR's focus on enhancing delegation management capabilities.
• feat(ids-admin): Delegation-Delegation-Type #16068: Adds support for the LegalRepresentative delegation type, which is directly related to the delegation management changes in the main PR.
• feat(portals-admin-ids-admin): Add LegalRepresentative delegation type #16069: Adds the LegalRepresentative delegation type to the test suite, which is relevant to the changes made in the main PR regarding delegation types.
• fix(services-auth-admin-api): Fix delegation settings #15968: Fixes the delegation type reset issue when adding new types, which is pertinent to the delegation management improvements in the main PR.
• fix(auth-admin-api): Add missing xroad config to auth admin api #15988: Adds missing X-Road configuration to the auth admin API, which may relate to the delegation management context in the main PR.
• fix(auth-admin-api): Fix delegation type reset when adding new type #16016: Fixes the delegation type reset issue when adding new types, which is pertinent to the delegation management improvements in the main PR.

Suggested reviewers

• Herdismaria
• baering

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  -- I pushed a fix in commit <commit_id>, please review it.
  -- Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  -- @coderabbitai generate unit testing code for this file.
  -- @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  -- @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  -- @coderabbitai read src/utils.ts and generate unit testing code.
  -- @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  -- @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 21

Outside diff range and nitpick comments (7)

apps/services/auth/ids-api/src/app/delegations/delegation-verification-result.dto.ts (1)

6-7: Enhance API documentation with property description

Consider adding a description to the @ApiProperty() decorator for the verified property to improve the generated Swagger documentation and provide additional context.

Apply this diff to include a description:

 @IsBoolean()
-@ApiProperty()
+@ApiProperty({ description: 'Indicates whether the delegation has been successfully verified.' })
 verified!: boolean

apps/services/auth/ids-api/src/app/delegations/delegations.controller.ts (1)

117-137: Add unit and integration tests for the new verify endpoint

To ensure the new verify endpoint functions correctly and to prevent future regressions, please add unit and integration tests covering various scenarios, including success cases and handling of invalid inputs.

Do you want me to help generate test cases or open a new GitHub issue to track this task?

apps/services/auth/ids-api/src/app/delegations/test/delegations-filters.spec.ts (2)

168-175: Ensure test case handles unexpected failures gracefully

In the test verifying a valid legal representative, consider adding assertions to check that the response body contains all expected properties and handle potential unexpected failures to improve test robustness.

Add additional assertions:

173           expect(res.status).toEqual(200)
174           expect(res.body.verified).toEqual(true)
    +      expect(res.body).toHaveProperty('verified')
    +      expect(typeof res.body.verified).toBe('boolean')

---

177-187: Improve test description for clarity

The description of the second test could be more specific to indicate that it is testing the scenario with a non-existing legal representative. This enhances readability and understanding of the test purpose.

Update the test description:

177 -       it(`GET ${path} returns non-verified response`, async () => {
177 +       it(`GET ${path} returns non-verified response for non-existing legal representative`, async () => {

libs/auth-api-lib/src/lib/delegations/delegation-scope.service.ts (2)

275-279: Include error details in the log message

In the catch block of findDistrictCommissionersRegistryScopesTo, the error is logged without including the error details. Including the error message can aid in debugging and diagnosing issues.

Apply this diff to include the error details:

} catch (error) {
  logger.error(
-    `Failed checking if delegation exists at provider '${AuthDelegationProvider.DistrictCommissionersRegistry}'`,
+    `Failed checking if delegation exists at provider '${AuthDelegationProvider.DistrictCommissionersRegistry}': ${error.message}`,
  )
}

---

376-384: Add braces to conditional statement for clarity

In the findAllScopesTo method, the conditional statement checking for DistrictCommissionersRegistry provider lacks braces around the block of code. This can lead to maintenance issues and reduce code readability.

Apply this diff to add braces for better clarity:

if (
  providers.includes(AuthDelegationProvider.DistrictCommissionersRegistry)
)
-  scopePromises.push(
+{
+  scopePromises.push(
    this.findDistrictCommissionersRegistryScopesTo(
      user.nationalId,
      fromNationalId,
      delegationTypes,
    ),
  )
+}

libs/clients/syslumenn/src/clientConfig.json (1)

1608-1608: Inconsistent Indentation in the Parameters Section

There's an indentation issue at line 1608, which may affect the JSON structure. Ensure consistent formatting for better readability and to prevent parsing errors.

Consider adjusting the indentation:

             "name": "malsnumer",
             "in": "query",
-                "x-nullable": true
+            "x-nullable": true

Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

Commits

Files that changed from the base of the PR and between e8480d9 and 81a229e.

Files selected for processing (13)

• apps/services/auth/delegation-api/src/app/app.module.ts (2 hunks)
• apps/services/auth/ids-api/src/app/app.module.ts (3 hunks)
• apps/services/auth/ids-api/src/app/delegations/delegation-verification-result.dto.ts (1 hunks)
• apps/services/auth/ids-api/src/app/delegations/delegations.controller.ts (3 hunks)
• apps/services/auth/ids-api/src/app/delegations/test/delegations-filters.spec.ts (2 hunks)
• apps/services/auth/ids-api/src/app/delegations/test/delegations-scopes.spec.ts (3 hunks)
• apps/services/auth/ids-api/test/setup.ts (4 hunks)
• apps/services/auth/public-api/src/app/app.module.ts (2 hunks)
• libs/auth-api-lib/src/lib/delegations/delegation-scope.service.ts (5 hunks)
• libs/auth-api-lib/src/lib/delegations/delegations-incoming.service.ts (3 hunks)
• libs/auth-api-lib/src/lib/delegations/delegations.module.ts (2 hunks)
• libs/clients/syslumenn/src/clientConfig.json (135 hunks)
• libs/clients/syslumenn/src/lib/syslumennClient.service.ts (2 hunks)

Additional context used

Path-based instructions (13)

apps/services/auth/ids-api/src/app/delegations/delegation-verification-result.dto.ts (2)

Pattern apps/services/**/*: "Confirm that the code adheres to the following:

• NestJS architecture, including modules, services, and controllers.
• Dependency injection patterns and service encapsulation.
• Integration and unit testing coverage and practices."

---

Pattern apps/**/*: "Confirm that the code adheres to the following:

• NextJS best practices, including file structure, API routes, and static generation methods.
• Efficient state management and server-side rendering techniques.
• Optimal use of TypeScript for component and utility type safety."

apps/services/auth/public-api/src/app/app.module.ts (2)

Pattern apps/services/**/*: "Confirm that the code adheres to the following:

• NestJS architecture, including modules, services, and controllers.
• Dependency injection patterns and service encapsulation.
• Integration and unit testing coverage and practices."

---

Pattern apps/**/*: "Confirm that the code adheres to the following:

• NextJS best practices, including file structure, API routes, and static generation methods.
• Efficient state management and server-side rendering techniques.
• Optimal use of TypeScript for component and utility type safety."

apps/services/auth/delegation-api/src/app/app.module.ts (2)

Pattern apps/services/**/*: "Confirm that the code adheres to the following:

• NestJS architecture, including modules, services, and controllers.
• Dependency injection patterns and service encapsulation.
• Integration and unit testing coverage and practices."

---

Pattern apps/**/*: "Confirm that the code adheres to the following:

• NextJS best practices, including file structure, API routes, and static generation methods.
• Efficient state management and server-side rendering techniques.
• Optimal use of TypeScript for component and utility type safety."

apps/services/auth/ids-api/src/app/app.module.ts (2)

Pattern apps/services/**/*: "Confirm that the code adheres to the following:

• NestJS architecture, including modules, services, and controllers.
• Dependency injection patterns and service encapsulation.
• Integration and unit testing coverage and practices."

---

Pattern apps/**/*: "Confirm that the code adheres to the following:

• NextJS best practices, including file structure, API routes, and static generation methods.
• Efficient state management and server-side rendering techniques.
• Optimal use of TypeScript for component and utility type safety."

apps/services/auth/ids-api/src/app/delegations/delegations.controller.ts (2)

Pattern apps/services/**/*: "Confirm that the code adheres to the following:

• NestJS architecture, including modules, services, and controllers.
• Dependency injection patterns and service encapsulation.
• Integration and unit testing coverage and practices."

---

Pattern apps/**/*: "Confirm that the code adheres to the following:

• NextJS best practices, including file structure, API routes, and static generation methods.
• Efficient state management and server-side rendering techniques.
• Optimal use of TypeScript for component and utility type safety."

libs/auth-api-lib/src/lib/delegations/delegations.module.ts (1)

Pattern libs/**/*: "Confirm that the code adheres to the following:

• Reusability of components and hooks across different NextJS apps.
• TypeScript usage for defining props and exporting types.
• Effective tree-shaking and bundling practices."

apps/services/auth/ids-api/test/setup.ts (2)

Pattern apps/services/**/*: "Confirm that the code adheres to the following:

• NestJS architecture, including modules, services, and controllers.
• Dependency injection patterns and service encapsulation.
• Integration and unit testing coverage and practices."

---

Pattern apps/**/*: "Confirm that the code adheres to the following:

• NextJS best practices, including file structure, API routes, and static generation methods.
• Efficient state management and server-side rendering techniques.
• Optimal use of TypeScript for component and utility type safety."

apps/services/auth/ids-api/src/app/delegations/test/delegations-scopes.spec.ts (2)

Pattern apps/services/**/*: "Confirm that the code adheres to the following:

• NestJS architecture, including modules, services, and controllers.
• Dependency injection patterns and service encapsulation.
• Integration and unit testing coverage and practices."

---

Pattern apps/**/*: "Confirm that the code adheres to the following:

• NextJS best practices, including file structure, API routes, and static generation methods.
• Efficient state management and server-side rendering techniques.
• Optimal use of TypeScript for component and utility type safety."

apps/services/auth/ids-api/src/app/delegations/test/delegations-filters.spec.ts (2)

Pattern apps/services/**/*: "Confirm that the code adheres to the following:

• NestJS architecture, including modules, services, and controllers.
• Dependency injection patterns and service encapsulation.
• Integration and unit testing coverage and practices."

---

Pattern apps/**/*: "Confirm that the code adheres to the following:

• NextJS best practices, including file structure, API routes, and static generation methods.
• Efficient state management and server-side rendering techniques.
• Optimal use of TypeScript for component and utility type safety."

libs/auth-api-lib/src/lib/delegations/delegations-incoming.service.ts (1)

Pattern libs/**/*: "Confirm that the code adheres to the following:

• Reusability of components and hooks across different NextJS apps.
• TypeScript usage for defining props and exporting types.
• Effective tree-shaking and bundling practices."

libs/auth-api-lib/src/lib/delegations/delegation-scope.service.ts (1)

Pattern libs/**/*: "Confirm that the code adheres to the following:

• Reusability of components and hooks across different NextJS apps.
• TypeScript usage for defining props and exporting types.
• Effective tree-shaking and bundling practices."

libs/clients/syslumenn/src/lib/syslumennClient.service.ts (1)

Pattern libs/**/*: "Confirm that the code adheres to the following:

• Reusability of components and hooks across different NextJS apps.
• TypeScript usage for defining props and exporting types.
• Effective tree-shaking and bundling practices."

libs/clients/syslumenn/src/clientConfig.json (1)

Pattern libs/**/*: "Confirm that the code adheres to the following:

• Reusability of components and hooks across different NextJS apps.
• TypeScript usage for defining props and exporting types.
• Effective tree-shaking and bundling practices."

Additional comments not posted (16)

apps/services/auth/ids-api/src/app/delegations/delegation-verification-result.dto.ts (2)

1-2: Imports are appropriate and necessary

The imported modules ApiProperty and IsBoolean are correctly included for validation and API documentation purposes.

---

4-8: DTO is well-defined and adheres to NestJS best practices

The DelegationVerificationResult class is properly defined with the necessary validation and API documentation decorators, aligning with NestJS conventions for Data Transfer Objects.

apps/services/auth/public-api/src/app/app.module.ts (1)

48-48: Ensure correct configuration loading for SyslumennClientConfig

SyslumennClientConfig has been added to the load array in ConfigModule.forRoot. Verify that the configuration values are correctly set and that any services depending on SyslumennClientConfig are properly utilizing it.

Run the following script to confirm usage of SyslumennClientConfig:

apps/services/auth/delegation-api/src/app/app.module.ts (1)

13-13: Integration of SyslumennClientConfig is appropriate

The addition of SyslumennClientConfig to the imports and the configuration load array correctly integrates the Syslumenn client configuration into the application module. This change aligns with the PR objective to verify delegations using the Syslumenn API.

Also applies to: 54-54

apps/services/auth/ids-api/src/app/app.module.ts (3)

14-14: Addition of SyslumennClientConfig import is appropriate

The import of SyslumennClientConfig from @island.is/clients/syslumenn correctly includes the necessary configuration for the Syslumenn client integration.

---

32-32: Imported PasskeysModule correctly

The import statement for PasskeysModule ensures that the passkey functionalities are properly included in the module.

---

72-72: Included SyslumennClientConfig in ConfigModule's load array

Adding SyslumennClientConfig to the load array of ConfigModule.forRoot ensures that the configuration is loaded and available for dependency injection throughout the application.

libs/auth-api-lib/src/lib/delegations/delegations.module.ts (1)

5-7: Integration of new modules and services aligns with PR objectives.

The additions of SyslumennClientModule and the related delegation services and models enhance the module's functionality for verifying delegations via the syslumenn API, as intended. The imports and module configuration appear correct.

Also applies to: 13-14, 18-37, 63-63

apps/services/auth/ids-api/test/setup.ts (1)

25-25: Appropriate use of createNationalId for test data

Importing createNationalId is suitable for generating test national IDs in your test scenarios.

apps/services/auth/ids-api/src/app/delegations/test/delegations-filters.spec.ts (1)

135-188: Test cases for delegation verification are well-implemented

The new test suite effectively verifies the delegation verification functionality for both valid and invalid legal representatives. The tests are correctly structured and follow best practices for integration testing in NestJS.

libs/auth-api-lib/src/lib/delegations/delegations-incoming.service.ts (1)

71-71: Integration of syslumennService looks good

The syslumennService has been properly injected, enabling communication with the Syslumenn API for delegation verification.

libs/auth-api-lib/src/lib/delegations/delegation-scope.service.ts (1)

Line range hint 9-43: Verify that new dependencies are properly registered and configured

The SyslumennService and DelegationsIndexService have been added as dependencies. Ensure that they are properly provided and configured in the module, and that any necessary environment variables or configurations are updated.

Run the following script to check if the services are properly registered:

Verification successful

---

Verification successful: Dependencies properly configured

The SyslumennClientModule and DelegationScopeService (which includes DelegationsIndexService) are correctly imported, provided, and configured in the auth-api-lib's DelegationsModule. This ensures that these services are available for dependency injection throughout the module and in any modules that import DelegationsModule.

• SyslumennClientModule is imported and included in the module's imports array.
• DelegationScopeService is provided and exported by the DelegationsModule.

The module structure follows NestJS best practices, indicating a well-organized approach to handling delegations and related services.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify that SyslumennService and DelegationsIndexService are provided in the module.

# Check for SyslumennService import and provider
rg --type ts --glob '**/delegations.module.ts' -A 10 'SyslumennService'

# Check for DelegationsIndexService import and provider
rg --type ts --glob '**/delegations.module.ts' -A 10 'DelegationsIndexService'

Length of output: 2738

---

Script:

#!/bin/bash
# Description: Search for SyslumennService in other module files and check for a separate Syslumenn module

# Search for SyslumennService in all module files within auth-api-lib
rg --type ts --glob '**/auth-api-lib/**/*.module.ts' -A 10 'SyslumennService'

# Check if there's a separate Syslumenn module
fd -e ts -p 'syslumenn.*module' libs/auth-api-lib

# If a Syslumenn module is found, check if it's imported in the DelegationsModule
rg --type ts --glob '**/delegations.module.ts' 'import.*Syslumenn.*Module'

Length of output: 335

---

Script:

#!/bin/bash
# Description: Verify SyslumennClientModule configuration and exports

# Check if SyslumennClientModule is in the imports array of DelegationsModule
rg --type ts --glob '**/delegations.module.ts' -A 20 'imports.*SyslumennClientModule'

# Check the exports of SyslumennClientModule
rg --type ts --glob '**/syslumenn/syslumenn-client.module.ts' -A 10 'exports'

Length of output: 314

---

Script:

#!/bin/bash
# Description: Verify project structure and locate relevant files

# List directory structure
find . -type d -maxdepth 3

# Search for delegations.module.ts
find . -name "delegations.module.ts"

# Search for files containing SyslumennClientModule
grep -r "SyslumennClientModule" .

# If delegations.module.ts is found, check its contents
delegations_module=$(find . -name "delegations.module.ts" | head -n 1)
if [ ! -z "$delegations_module" ]; then
    echo "Contents of delegations.module.ts:"
    cat "$delegations_module"
fi

Length of output: 19009

---

Script:

#!/bin/bash
# Description: Verify SyslumennClientModule import and DelegationScopeService provision in auth-api-lib

# Check the contents of auth-api-lib's delegations.module.ts
cat ./libs/auth-api-lib/src/lib/delegations/delegations.module.ts

# Search for DelegationScopeService provision
grep -n "DelegationScopeService" ./libs/auth-api-lib/src/lib/delegations/delegations.module.ts

Length of output: 4185

libs/clients/syslumenn/src/lib/syslumennClient.service.ts (1)

694-695: Verify date comparison logic

Ensure that the date comparison in the delegation validity check handles gildirTil correctly, especially if gildirTil might be a string or in a different time zone. Confirm that delegation.gildirTil and startOfDay(new Date()) are compatible for comparison.

libs/clients/syslumenn/src/clientConfig.json (3)

530-534: Potential Security Concern: Avoid Passing Sensitive Data in Query Parameters

Passing sensitive information like "kennitala" in query parameters may expose it in server logs or browser history, leading to potential PII leakage. Consider using a POST request with the "kennitala" included in the request body or ensure that proper encryption and security measures are in place to protect this data.

[security]

---

3777-3788: Missing Required Fields in LogradamadurSvar Definition

The LogradamadurSvar schema does not specify required fields. If kennitala and gildirTil are mandatory, they should be included in the "required" array to enforce validation.

Please confirm whether these fields are required:

 "LogradamadurSvar": {
   "type": "object",
+  "required": [
+    "kennitala",
+    "gildirTil"
+  ],
   "properties": {
     "kennitala": {
       "type": "string"
     },
     "gildirTil": {
       "type": "string",
       "format": "date-time"
     }
   }
 },

---

700-702: Typographical Error in Endpoint Path

The endpoint path "/api/Starfsrettindi/api/Starfsrettindi/{audkenni}" appears to have a duplicated segment "api/Starfsrettindi". It should likely be "/api/Starfsrettindi/{audkenni}". Please verify and correct the path to prevent routing issues.

Apply this diff to fix the endpoint path:

-"/api/Starfsrettindi/api/Starfsrettindi/{audkenni}": {
+"/api/Starfsrettindi/{audkenni}": {

Likely invalid or redundant comment.

[codecov]

Codecov Report

Attention: Patch coverage is 89.28571% with 12 lines in your changes missing coverage. Please review.

Project coverage is 36.72%. Comparing base (9c26661) to head (532d2a8).
Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
...ients/syslumenn/src/lib/syslumennClient.service.ts	46.15%	7 Missing ⚠️
...ib/src/lib/delegations/delegation-scope.service.ts	77.77%	4 Missing ⚠️
...rc/lib/delegations/delegations-incoming.service.ts	93.33%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #16029      +/-   ##
==========================================
+ Coverage   36.68%   36.72%   +0.04%     
==========================================
  Files        6759     6761       +2     
  Lines      138993   138935      -58     
  Branches    39477    39429      -48     
==========================================
+ Hits        50983    51029      +46     
+ Misses      88010    87906     -104     

Flag	Coverage Δ
api	3.39% <ø> (ø)
api-domains-auth-admin	48.86% <ø> (ø)
api-domains-mortgage-certificate	35.64% <46.15%> (-0.09%)	⬇️
application-api-files	57.59% <ø> (ø)
application-core	71.62% <ø> (+0.08%)	⬆️
application-system-api	41.56% <46.15%> (-0.01%)	⬇️
application-template-api-modules	23.61% <46.15%> (-0.01%)	⬇️
application-templates-accident-notification	22.14% <ø> (ø)
application-templates-car-recycling	3.12% <ø> (ø)
application-templates-criminal-record	26.63% <ø> (ø)
application-templates-driving-license	18.63% <ø> (ø)
application-templates-estate	12.34% <ø> (ø)
application-templates-example-payment	25.41% <ø> (ø)
application-templates-financial-aid	14.34% <ø> (ø)
application-templates-general-petition	23.68% <ø> (ø)
application-templates-health-insurance	26.62% <ø> (ø)
application-templates-inheritance-report	6.45% <ø> (ø)
application-templates-marriage-conditions	15.23% <ø> (ø)
application-templates-mortgage-certificate	43.96% <ø> (ø)
application-templates-parental-leave	30.15% <ø> (ø)
application-ui-components	1.28% <ø> (ø)
application-ui-shell	21.29% <ø> (ø)
clients-syslumenn	49.62% <46.15%> (-0.14%)	⬇️
services-auth-admin-api	50.45% <59.45%> (-2.39%)	⬇️
services-auth-delegation-api	58.12% <55.22%> (-3.19%)	⬇️
services-auth-ids-api	51.97% <85.88%> (-2.17%)	⬇️
services-auth-personal-representative	45.64% <61.03%> (-2.22%)	⬇️
services-auth-personal-representative-public	41.61% <53.84%> (-2.16%)	⬇️
services-auth-public-api	49.35% <56.52%> (-2.58%)	⬇️
services-user-notification	47.16% <ø> (ø)
services-user-profile	62.28% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
apps/services/auth/admin-api/src/app/app.module.ts	100.00% <100.00%> (ø)
...services/auth/delegation-api/src/app/app.module.ts	100.00% <100.00%> (ø)
apps/services/auth/ids-api/src/app/app.module.ts	100.00% <100.00%> (ø)
.../delegations/delegation-verification-result.dto.ts	100.00% <100.00%> (ø)
...src/app/delegations/delegation-verification.dto.ts	100.00% <100.00%> (ø)
...-api/src/app/delegations/delegations.controller.ts	82.50% <100.00%> (+4.37%)	⬆️
...auth/personal-representative/src/app/app.module.ts	100.00% <100.00%> (ø)
...pps/services/auth/public-api/src/app/app.module.ts	100.00% <100.00%> (ø)
...-api-lib/src/lib/delegations/delegations.module.ts	100.00% <100.00%> (ø)
...rc/lib/delegations/delegations-incoming.service.ts	97.54% <93.33%> (-0.65%)	⬇️
... and 2 more

... and 12 files with indirect coverage changes

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 9c26661...532d2a8. Read the comment docs.

[datadog-island-is]

Datadog Report

All test runs a7df097 🔗

✅ 29 Total Test Services: 0 Failed, 29 Passed
🔻 Test Sessions change in coverage: 10 decreased, 1 increased (+0.11%), 96 no change

Test Services

This report shows up to 10 services

Service Name	Failed	Known Flaky	New Flaky	Passed	Skipped	Total Time	Code Coverage Change	Test Service View
api	0	0	0	4	0	3.05s	1 no change	Link
api-domains-auth-admin	0	0	0	18	0	13.99s	1 no change	Link
api-domains-mortgage-certificate	0	0	0	5	0	19.63s	1 decreased (-0.21%)	Link
application-api-files	0	0	0	12	0	6.11s	1 no change	Link
application-core	0	0	0	90	0	20.33s	1 increased (+0.11%)	Link
application-system-api	0	0	0	111	2	3m 25.13s	1 decreased (-0.02%)	Link
application-template-api-modules	0	0	0	109	0	1m 51.76s	1 decreased (-0.01%)	Link
application-templates-accident-notification	0	0	0	98	0	20.35s	1 no change	Link
application-templates-criminal-record	0	0	0	2	0	11.74s	1 no change	Link
services-auth-delegation-api	0	0	0	256	0	2m 53.85s	1 decreased (-8.92%)	Link

🔻 Code Coverage Decreases vs Default Branch (10)

This report shows up to 5 code coverage decreases.

• services-auth-delegation-api - jest 51.34% (-8.92%) - Details
• services-auth-public-api - jest 45.86% (-6.88%) - Details
• services-auth-admin-api - jest 46.46% (-6.47%) - Details
• services-auth-personal-representative - jest 44.03% (-5.99%) - Details
• services-auth-personal-representative-public - jest 40.73% (-5.14%) - Details

[coderabbitai]

Actionable comments posted: 2

Outside diff range and nitpick comments (3)

libs/clients/syslumenn/src/clientConfig.json (3)

941-957: Enhance Response Descriptions for the PUT Method of /v1/Heimagistingar/{audkenni}

The response descriptions for the PUT method are currently empty, which may lead to confusion for API consumers. Providing clear descriptions improves the API documentation and developer experience.

Apply this diff to add meaningful descriptions:

"responses": {
  "200": {
-   "description": ""
+   "description": "Success"
  },
  "401": {
    "x-nullable": false,
-   "description": ""
+   "description": "Unauthorized"
    "schema": {
      "$ref": "#/definitions/ProblemDetails"
    }
  },
  "default": {
    "x-nullable": false,
-   "description": ""
+   "description": "Error"
    "schema": {
      "$ref": "#/definitions/ProblemDetails"
    }
  }
},

---

3877-3879: Specify Format for Date Property utgefid in HeimagistingDetail

The utgefid property likely represents a date. Specifying the format as "date-time" ensures correct data parsing and validation.

Apply this diff to include the format:

"utgefid": {
  "type": "string",
+ "format": "date-time"
}

---

Line range hint 1498-1510: Avoid Using a Generic Root-Level Path Parameter /{audkenni}

Defining the endpoint /{audkenni} at the root level can lead to routing conflicts and ambiguity in the API. It's best practice to include a specific path segment to prevent collisions with other endpoints.

Apply this diff to modify the endpoint path:

- "/{audkenni}": {
+ "/api/Erfdafjarskattur/{audkenni}": {

Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 9076f72 and 2a2b9f1.

Files selected for processing (1)

• libs/clients/syslumenn/src/clientConfig.json (7 hunks)

Additional context used

Path-based instructions (1)

libs/clients/syslumenn/src/clientConfig.json (1)

Pattern libs/**/*: "Confirm that the code adheres to the following:

• Reusability of components and hooks across different NextJS apps.
• TypeScript usage for defining props and exporting types.
• Effective tree-shaking and bundling practices."

[coderabbitai]

Actionable comments posted: 1

Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 2a2b9f1 and 82925e2.

Files selected for processing (7)

• apps/services/auth/ids-api/infra/ids-api.ts (2 hunks)
• apps/services/auth/ids-api/src/app/delegations/test/delegations-scopes.spec.ts (3 hunks)
• apps/services/auth/ids-api/test/setup.ts (5 hunks)
• charts/identity-server/values.dev.yaml (2 hunks)
• charts/identity-server/values.prod.yaml (2 hunks)
• charts/identity-server/values.staging.yaml (2 hunks)
• libs/auth-api-lib/src/lib/delegations/delegation-scope.service.ts (5 hunks)

Files skipped from review as they are similar to previous changes (3)

• apps/services/auth/ids-api/src/app/delegations/test/delegations-scopes.spec.ts
• apps/services/auth/ids-api/test/setup.ts
• libs/auth-api-lib/src/lib/delegations/delegation-scope.service.ts

Additional context used

Path-based instructions (1)

apps/services/auth/ids-api/infra/ids-api.ts (2)

Pattern apps/services/**/*: "Confirm that the code adheres to the following:

• NestJS architecture, including modules, services, and controllers.
• Dependency injection patterns and service encapsulation.
• Integration and unit testing coverage and practices."

---

Pattern apps/**/*: "Confirm that the code adheres to the following:

• NextJS best practices, including file structure, API routes, and static generation methods.
• Efficient state management and server-side rendering techniques.
• Optimal use of TypeScript for component and utility type safety."

Additional comments not posted (8)

apps/services/auth/ids-api/infra/ids-api.ts (2)

87-87: Verify the appropriateness of SYSLUMENN_TIMEOUT value

The timeout is set to '10000' milliseconds (10 seconds). Please confirm that this duration is suitable for the SYSLUMENN API interactions and meets the application's performance requirements.

---

97-98: SYSLUMENN credentials added securely

The SYSLUMENN_USERNAME and SYSLUMENN_PASSWORD have been appropriately added to the secrets section.

charts/identity-server/values.prod.yaml (2)

404-405: Ensure SYSLUMENN_HOST is handled appropriately

The SYSLUMENN_HOST and SYSLUMENN_TIMEOUT variables have been added. Confirm that SYSLUMENN_HOST does not contain sensitive information and is appropriate to include in the configuration file.

---

500-501: SYSLUMENN credentials added securely

The SYSLUMENN_USERNAME and SYSLUMENN_PASSWORD have been correctly added as secrets.

charts/identity-server/values.staging.yaml (2)

407-408: Validate inclusion of SYSLUMENN_HOST

The addition of SYSLUMENN_HOST and SYSLUMENN_TIMEOUT is noted. Please ensure that SYSLUMENN_HOST is appropriate for inclusion and does not expose sensitive data.

---

503-504: SYSLUMENN credentials securely added

The SYSLUMENN_USERNAME and SYSLUMENN_PASSWORD have been properly added to the secrets.

charts/identity-server/values.dev.yaml (2)

407-408: Check handling of SYSLUMENN_HOST

The variables SYSLUMENN_HOST and SYSLUMENN_TIMEOUT have been introduced. Verify that SYSLUMENN_HOST is safe to include in this configuration and does not contain sensitive information.

---

503-504: SYSLUMENN credentials securely added

The SYSLUMENN_USERNAME and SYSLUMENN_PASSWORD have been correctly added to the secrets.

[coderabbitai]

Actionable comments posted: 1

Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

Commits

Files that changed from the base of the PR and between acaab15 and 80ca07c.

Files selected for processing (8)

• apps/services/auth/admin-api/infra/auth-admin-api.ts (2 hunks)
• apps/services/auth/delegation-api/infra/delegation-api.ts (2 hunks)
• apps/services/auth/personal-representative-public/infra/personal-representative-public.ts (1 hunks)
• apps/services/auth/personal-representative/infra/personal-representative.ts (1 hunks)
• apps/services/auth/public-api/infra/auth-public-api.ts (2 hunks)
• charts/identity-server/values.dev.yaml (12 hunks)
• charts/identity-server/values.prod.yaml (12 hunks)
• charts/identity-server/values.staging.yaml (12 hunks)

Files skipped from review as they are similar to previous changes (3)

• charts/identity-server/values.dev.yaml
• charts/identity-server/values.prod.yaml
• charts/identity-server/values.staging.yaml

Additional context used

Path-based instructions (5)

apps/services/auth/personal-representative-public/infra/personal-representative-public.ts (2)

Pattern apps/services/**/*: "Confirm that the code adheres to the following:

• NestJS architecture, including modules, services, and controllers.
• Dependency injection patterns and service encapsulation.
• Integration and unit testing coverage and practices."

---

Pattern apps/**/*: "Confirm that the code adheres to the following:

• NextJS best practices, including file structure, API routes, and static generation methods.
• Efficient state management and server-side rendering techniques.
• Optimal use of TypeScript for component and utility type safety."

apps/services/auth/personal-representative/infra/personal-representative.ts (2)

Pattern apps/services/**/*: "Confirm that the code adheres to the following:

• NestJS architecture, including modules, services, and controllers.
• Dependency injection patterns and service encapsulation.
• Integration and unit testing coverage and practices."

---

Pattern apps/**/*: "Confirm that the code adheres to the following:

• NextJS best practices, including file structure, API routes, and static generation methods.
• Efficient state management and server-side rendering techniques.
• Optimal use of TypeScript for component and utility type safety."

apps/services/auth/delegation-api/infra/delegation-api.ts (2)

Pattern apps/services/**/*: "Confirm that the code adheres to the following:

• NestJS architecture, including modules, services, and controllers.
• Dependency injection patterns and service encapsulation.
• Integration and unit testing coverage and practices."

---

Pattern apps/**/*: "Confirm that the code adheres to the following:

• NextJS best practices, including file structure, API routes, and static generation methods.
• Efficient state management and server-side rendering techniques.
• Optimal use of TypeScript for component and utility type safety."

apps/services/auth/admin-api/infra/auth-admin-api.ts (2)

Pattern apps/services/**/*: "Confirm that the code adheres to the following:

• NestJS architecture, including modules, services, and controllers.
• Dependency injection patterns and service encapsulation.
• Integration and unit testing coverage and practices."

---

Pattern apps/**/*: "Confirm that the code adheres to the following:

• NextJS best practices, including file structure, API routes, and static generation methods.
• Efficient state management and server-side rendering techniques.
• Optimal use of TypeScript for component and utility type safety."

apps/services/auth/public-api/infra/auth-public-api.ts (2)

Pattern apps/services/**/*: "Confirm that the code adheres to the following:

• NestJS architecture, including modules, services, and controllers.
• Dependency injection patterns and service encapsulation.
• Integration and unit testing coverage and practices."

---

Pattern apps/**/*: "Confirm that the code adheres to the following:

• NextJS best practices, including file structure, API routes, and static generation methods.
• Efficient state management and server-side rendering techniques.
• Optimal use of TypeScript for component and utility type safety."

Additional comments not posted (16)

apps/services/auth/personal-representative-public/infra/personal-representative-public.ts (2)

17-23: SYSLUMENN environment variables added correctly

The SYSLUMENN_HOST and SYSLUMENN_TIMEOUT configurations are properly defined for all environments.

---

24-26: SYSLUMENN secrets configured correctly

The secrets SYSLUMENN_USERNAME and SYSLUMENN_PASSWORD are correctly set up in the secrets configuration.

apps/services/auth/personal-representative/infra/personal-representative.ts (3)

45-56: Consider centralizing SYSLUMENN configuration to reduce duplication

---

45-50: SYSLUMENN environment variables added correctly

The SYSLUMENN_HOST and SYSLUMENN_TIMEOUT configurations are properly defined for all environments.

---

55-56: SYSLUMENN secrets configured correctly

The secrets SYSLUMENN_USERNAME and SYSLUMENN_PASSWORD are correctly set up in the secrets configuration.

apps/services/auth/delegation-api/infra/delegation-api.ts (4)

3-3: Import 'ref' added appropriately

The ref import is correctly added to support dynamic references in environment variables.

---

57-70: Consider centralizing SYSLUMENN configuration to reduce duplication

---

57-62: SYSLUMENN environment variables added correctly

The SYSLUMENN_HOST and SYSLUMENN_TIMEOUT configurations are properly defined for all environments.

---

69-70: SYSLUMENN secrets configured correctly

The secrets SYSLUMENN_USERNAME and SYSLUMENN_PASSWORD are correctly set up in the secrets configuration.

apps/services/auth/admin-api/infra/auth-admin-api.ts (3)

Line range hint 62-77: Consider centralizing SYSLUMENN configuration to reduce duplication

---

62-67: SYSLUMENN environment variables added correctly

The SYSLUMENN_HOST and SYSLUMENN_TIMEOUT configurations are properly defined for all environments.

---

76-77: SYSLUMENN secrets configured correctly

The secrets SYSLUMENN_USERNAME and SYSLUMENN_PASSWORD are correctly set up in the secrets configuration.

apps/services/auth/public-api/infra/auth-public-api.ts (4)

1-1: Imports organized for better readability

The import statements have been appropriately consolidated for clarity.

---

66-79: Consider centralizing SYSLUMENN configuration to reduce duplication

---

66-71: SYSLUMENN environment variables added correctly

The SYSLUMENN_HOST and SYSLUMENN_TIMEOUT configurations are properly defined for all environments.

---

78-79: SYSLUMENN secrets configured correctly

The secrets SYSLUMENN_USERNAME and SYSLUMENN_PASSWORD are correctly set up in the secrets configuration.

[coderabbitai]

Actionable comments posted: 0

Outside diff range and nitpick comments (1)

apps/services/auth/ids-api/src/app/delegations/delegations.controller.ts (1)

118-135: The new endpoint looks good and follows best practices!

A few additional suggestions:

• Consider adding validation decorators to the DelegationVerification DTO properties to ensure data integrity.
• Add unit tests to verify the endpoint behavior and error handling.

Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 562f5c2 and 5c330b7.

Files selected for processing (2)

• apps/services/auth/ids-api/src/app/delegations/delegation-verification.dto.ts (1 hunks)
• apps/services/auth/ids-api/src/app/delegations/delegations.controller.ts (3 hunks)

Additional context used

Path-based instructions (2)

apps/services/auth/ids-api/src/app/delegations/delegation-verification.dto.ts (2)

Pattern apps/services/**/*: "Confirm that the code adheres to the following:

• NestJS architecture, including modules, services, and controllers.
• Dependency injection patterns and service encapsulation.
• Integration and unit testing coverage and practices."

---

Pattern apps/**/*: "Confirm that the code adheres to the following:

• NextJS best practices, including file structure, API routes, and static generation methods.
• Efficient state management and server-side rendering techniques.
• Optimal use of TypeScript for component and utility type safety."

apps/services/auth/ids-api/src/app/delegations/delegations.controller.ts (2)

Pattern apps/services/**/*: "Confirm that the code adheres to the following:

• NestJS architecture, including modules, services, and controllers.
• Dependency injection patterns and service encapsulation.
• Integration and unit testing coverage and practices."

---

Pattern apps/**/*: "Confirm that the code adheres to the following:

• NextJS best practices, including file structure, API routes, and static generation methods.
• Efficient state management and server-side rendering techniques.
• Optimal use of TypeScript for component and utility type safety."

Additional comments not posted (5)

apps/services/auth/ids-api/src/app/delegations/delegation-verification.dto.ts (2)

6-8: LGTM!

The fromNationalId property is correctly defined as a string and properly validated using the @IsString() decorator. The @ApiProperty() decorator ensures that the property is documented in the API schema.

---

10-13: LGTM!

The delegationTypes property is correctly defined as an array of strings and properly validated using the @IsArray() decorator. The @Type(() => String) decorator ensures that the elements of the array are transformed to strings. The @ApiProperty() decorator documents the property as an array of strings in the API schema.

apps/services/auth/ids-api/src/app/delegations/delegations.controller.ts (3)

32-34: LGTM!

The new DTO imports are necessary for the verify endpoint and follow the correct conventions.

---

7-7: LGTM!

The Post decorator import is necessary and follows the existing import style.

---

2-2: LGTM!

The Body decorator import is necessary and follows the existing import style.

[kodiakhq]

This PR currently has a merge conflict. Please resolve this and then re-add the automerge label.

[saevarma]

🚀

[brynjarorng]

Small comment on infra

[kksteini]

Codeowner files LGTM

[brynjarorng]

LGTM