use account-verifier response types from api

[MatousJobanek]

related PR codeready-toolchain/api#511

Summary by CodeRabbit

• Updates
  • Account verification system updated to use the shared toolchain account-verifier response format for consistent signup and reactivation outcomes.
  • Updated account-verifier handling for rejected and phone-verification results to match API-provided result values.
  • Test coverage adjusted to reflect the corrected verifier JSON responses and expected annotation values.
  • Updated account-verifier-related dependency to a newer version.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Enterprise

Run ID: 6be9961d-a8f4-48c3-963b-ce8df74d681b

📥 Commits

Reviewing files that changed from the base of the PR and between 5a372d6 and 8f3d2a4.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (1)

• go.mod

🔗 Linked repositories identified

CodeRabbit considers these linked repositories for cross-repo context during reviews:

• codeready-toolchain/api (manual)
• codeready-toolchain/toolchain-common (manual)
• codeready-toolchain/host-operator (manual)
• codeready-toolchain/toolchain-e2e (manual)

📜 Recent review details

⏰ Context from checks skipped due to timeout. (3)

• GitHub Check: test
• GitHub Check: GolangCI Lint
• GitHub Check: Build & push operator bundles & dashboard image for e2e tests

🧰 Additional context used

📓 Path-based instructions (1)

**

⚙️ CodeRabbit configuration file

-Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity.

Files:

• go.mod

🔀 Multi-repo context codeready-toolchain/api, codeready-toolchain/toolchain-common

Linked Repositories Research Findings

Based on my exploration of the cross-repository impact, here's what I found:

codeready-toolchain/api

AccountVerifierResponse definition:
The API now defines the account-verifier contract at [::codeready-toolchain/api::] ./api/v1alpha1/usersignup_types.go:196-205:

• type AccountVerifierResult string with constants:
  • AccountVerifierResultRejected = "rejected" (JSON value)
  • AccountVerifierResultPhoneVerification = "phone_verification" (JSON value)
  • AccountVerifierResultApproved = "approved" (JSON value)
• type AccountVerifierResponse struct with fields: Result, Reasons []AccountVerifierReason, Error

The annotation key is defined as UserSignupAccountVerifierResultAnnotationKey = "account-verifier-result" [::codeready-toolchain/api::]

codeready-toolchain/toolchain-common

Test configuration support:
Contains test helper functions for configuring account-verifier [::codeready-toolchain/toolchain-common::] ./pkg/test/config/toolchainconfig.go:

• AccountVerifierURL(value string) — sets the verifier service URL
• AccountVerifierMode(value string) — sets the verifier mode

State management:
The states package provides high-level state checks [::codeready-toolchain/toolchain-common::] ./pkg/states/state_manager.go:

• SetRejected(userSignup, rejected bool) — uses UserSignupStateRejected constant from API

codeready-toolchain/host-operator

No direct consumption of account-verifier results:
The host-operator does NOT reference UserSignupAccountVerifierResultAnnotationKey or parse the account-verifier-result annotation values directly. It operates at the UserSignup state level (e.g., UserSignupStateRejected, UserSignupStateVerificationRequired) rather than the annotation level.

The usersignup controller and cleanup controller handle rejected/verification-required states but do not depend on the specific result string values.

codeready-toolchain/toolchain-e2e

No direct AccountVerifier references:
The E2E tests do not reference account-verifier types or annotation values. Tests use high-level state checks like states.Rejected() and references to phone verification flow, but not the account-verifier-result annotation values directly.

Impact Assessment

The string value changes ("reject" → "rejected", "phone-verification" → "phone_verification") are locally contained to the registration-service ↔ API boundary. The host-operator and E2E tests operate at the UserSignup state abstraction level and do not directly depend on these string constants, reducing the risk of breaking changes in dependent repositories.

🔇 Additional comments (1)

go.mod (1)

9-9: 🔒 Security & Privacy

The fork replace directive has been removed and the API dependency is correctly pinned to official upstream.

The full go.mod file (180 lines) contains no replace directives. The dependency at line 9 (github.com/codeready-toolchain/api v0.0.0-20260623133516-6f421bfacf3d) is directly from the official codeready-toolchain/api repository, not routed through a fork. The previous security concern about the fork override has been addressed.

---

Walkthrough

Updates the codeready-toolchain/api dependency to a newer version. Migrates all internal account-verifier response structs and string constants in the signup service to use the shared toolchainv1alpha1.AccountVerifierResponse type and its result constants. Test expectations are updated to match the new canonical result string values.

Changes

Account-verifier type migration

Layer / File(s)	Summary
Dependency version update go.mod	The github.com/codeready-toolchain/api required version updated to a newer pseudo-version.
Signup service migration to toolchainv1alpha1.AccountVerifierResponse pkg/signup/service/signup_service.go	callAccountVerifier, verifyAccount, newUserSignup, createUserSignup, reactivateUserSignup, and isAccountVerifierRejected all updated to use *toolchainv1alpha1.AccountVerifierResponse and the API-provided result constants (AccountVerifierResultPhoneVerification, AccountVerifierResultRejected), removing local response structs and string constants.
Test expectations aligned to new result string values pkg/signup/service/signup_service_test.go	Mocked verifier JSON and UserSignupAccountVerifierResultAnnotationKey assertions updated: "reject" → "rejected", "phone-verification" → "phone_verification" across rejected, phone-verification, and rejected-on-reactivation test cases.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• codeready-toolchain/registration-service#594: Modifies the same signup_service.go and signup_service_test.go files to drive signup/reactivation behavior from the account-verifier HTTP response, refactoring result parsing and updating UserSignup verifier annotations — directly preceding this type-migration work.

Suggested reviewers

• alexeykazakov
• metlos
• rajivnathan

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and accurately summarizes the main change: updating the signup service to use account-verifier response types from the API repository instead of locally-defined types.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@go.mod`:
- Around line 22-23: Remove the replace directive in go.mod that redirects
github.com/codeready-toolchain/api to the personal fork
github.com/matousjobanek/api. Once your API changes are merged into the official
upstream repository, update the go.mod to depend on the official version with an
appropriate version pin. If you still need to test against a fork locally during
development, manage this through local-only configuration (such as
.git/info/attributes or local development setup) rather than committing fork
overrides to the repository.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Enterprise

Run ID: 72029767-daa6-409c-8d55-6434972f72f2

📥 Commits

Reviewing files that changed from the base of the PR and between 1c10018 and 5a372d6.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (3)

• go.mod
• pkg/signup/service/signup_service.go
• pkg/signup/service/signup_service_test.go

🔗 Linked repositories identified

CodeRabbit considers these linked repositories for cross-repo context during reviews:

• codeready-toolchain/api (manual)
• codeready-toolchain/toolchain-common (manual)
• codeready-toolchain/host-operator (manual)
• codeready-toolchain/toolchain-e2e (manual)

📜 Review details

⏰ Context from checks skipped due to timeout. (3)

• GitHub Check: test
• GitHub Check: GolangCI Lint
• GitHub Check: Build & push operator bundles & dashboard image for e2e tests

🧰 Additional context used

📓 Path-based instructions (1)

**

⚙️ CodeRabbit configuration file

-Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity.

Files:

• go.mod
• pkg/signup/service/signup_service_test.go
• pkg/signup/service/signup_service.go

🔇 Additional comments (4)

go.mod (1)

9-9: LGTM!

pkg/signup/service/signup_service.go (2)

69-69: LGTM!

Also applies to: 148-148, 279-310, 392-402

---

157-160: 🔒 Security & Privacy

Handle legacy verifier result values to avoid fail-open behavior during rollout.

Lines 157-160 and 335-336 only directly compare against enum constants. If the external verifier emits legacy string values during version skew, rejected users may bypass blocking and phone verification may not be enforced.

Suggested compatibility patch

@@
-		if accountVerifierResp.Result == toolchainv1alpha1.AccountVerifierResultPhoneVerification {
+		if isAccountVerifierPhoneVerification(accountVerifierResp) {
 			states.SetVerificationRequired(userSignup, true)
 		}
@@
 func isAccountVerifierRejected(resp *toolchainv1alpha1.AccountVerifierResponse) bool {
-	return resp != nil && resp.Result == toolchainv1alpha1.AccountVerifierResultRejected
+	if resp == nil {
+		return false
+	}
+	return resp.Result == toolchainv1alpha1.AccountVerifierResultRejected || string(resp.Result) == "reject"
 }
+
+func isAccountVerifierPhoneVerification(resp *toolchainv1alpha1.AccountVerifierResponse) bool {
+	if resp == nil {
+		return false
+	}
+	return resp.Result == toolchainv1alpha1.AccountVerifierResultPhoneVerification || string(resp.Result) == "phone-verification"
+}

pkg/signup/service/signup_service_test.go (1)

1542-1591: LGTM!

Also applies to: 1640-1679, 1764-1816

[MatousJobanek]

/retest
infra

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: MatousJobanek, metlos, MikelAlejoBR, rajivnathan

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [MatousJobanek,metlos,rajivnathan]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
25.0% Duplication on New Code

See analysis details on SonarQube Cloud