fix(jhe-pgd): make patient consents idempotent and improve invitation… by travis-sauer-oltech · Pull Request #243 · jupyterhealth/jupyterhealth-exchange

travis-sauer-oltech · 2026-01-17T02:14:43Z

… links

Make POST/PATCH consents upsert via update_or_create (avoid unique constraint failures)
Use timezone-aware consented_time
Build multi-host invitation links including hostname/client_id/code_verifier/code
Parse CH_INVITATION_LINK_EXCLUDE_HOST as boolean; allow env overrides for PKCE verifier/challenge
Add requirements.txt and fix runtests.py settings module
Add regression test ensuring duplicate consent POST is safe

… links - Make POST/PATCH consents upsert via update_or_create (avoid unique constraint failures) - Use timezone-aware consented_time - Build multi-host invitation links including hostname/client_id/code_verifier/code - Parse CH_INVITATION_LINK_EXCLUDE_HOST as boolean; allow env overrides for PKCE verifier/challenge - Add requirements.txt and fix runtests.py settings module - Add regression test ensuring duplicate consent POST is safe

for more information, see https://pre-commit.ci

minrk · 2026-01-19T22:13:47Z

@@ -0,0 +1,23 @@
+coverage


As you mentioned, I do like having a plain-pip way to install things here. What I would like to avoid is a complete duplicate of the same information that's bound to get out of sync. I believe the Pipfile can consume this as the true source, though?

Maybe save this change for another PR, since it's not related to the functionality here?

minrk · 2026-01-19T22:16:45Z

+                        scope_code_id=scope_code_id,
+                    )
+
+                    if request.method in ["POST", "PATCH"]:


I think it's okay for POST to be Idempotent (I don't have the deepest view on this one).

But shouldn't PATCH still fail if it doesn't exist already? If not, should we lose PATCH as a supported method? It doesn't seem right to have them both present and do the exact same thing.

surfdoc · 2026-01-21T00:56:23Z

+from oauth2_provider.models import get_application_model

 from core.admin_pagination import AdminListMixin
+from core.context_processors import _get_oidc_client_id


I think this import is unused, if so we should remove it.

surfdoc · 2026-01-21T00:56:35Z

+            data=payload,
+            format="json",
+        )
+        self.assertEqual(response2.status_code, 200)


Consider also asserting the count did not increase:

consent_count_before = StudyPatientScopeConsent.objects.count() response2 = self.client.post(...) self.assertEqual(StudyPatientScopeConsent.objects.count(), consent_count_before)

travis-sauer-oltech requested review from minrk and s1monj January 17, 2026 02:14

[pre-commit.ci] auto fixes from pre-commit.com hooks

384f2a2

for more information, see https://pre-commit.ci

minrk reviewed Jan 19, 2026

View reviewed changes

surfdoc reviewed Jan 21, 2026

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(jhe-pgd): make patient consents idempotent and improve invitation…#243

fix(jhe-pgd): make patient consents idempotent and improve invitation…#243
travis-sauer-oltech wants to merge 2 commits intomainfrom
feat/jhe-pgd-update-invitation-link-and-consent-idempotency

travis-sauer-oltech commented Jan 17, 2026

Uh oh!

minrk Jan 19, 2026

Uh oh!

minrk Jan 19, 2026

Uh oh!

surfdoc Jan 21, 2026

Uh oh!

surfdoc Jan 21, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

travis-sauer-oltech commented Jan 17, 2026

Uh oh!

minrk Jan 19, 2026

Choose a reason for hiding this comment

Uh oh!

minrk Jan 19, 2026

Choose a reason for hiding this comment

Uh oh!

surfdoc Jan 21, 2026

Choose a reason for hiding this comment

Uh oh!

surfdoc Jan 21, 2026

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants