Skip to content

Add unsafe metadata support to clerk-android #355

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Nov 10, 2025
Merged

Add unsafe metadata support to clerk-android #355

Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
910e252
feat: Add unsafe_metadata field to User model
cursoragent Nov 10, 2025
6ab82ad
Test: Add User UpdateParams tests for unsafeMetadata
cursoragent Nov 10, 2025
1b68bf4
Fix: Ensure unsafe metadata is properly escaped in JSON serialization
cursoragent Nov 10, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions source/api/src/main/kotlin/com/clerk/api/user/User.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -193,6 +193,8 @@ data class User(
@SerialName("public_metadata") val publicMetadata: String? = null,
/** JSON string containing private metadata to update. */
@SerialName("private_metadata") val privateMetadata: String? = null,
/** JSON string containing unsafe metadata to update. */
@SerialName("unsafe_metadata") val unsafeMetadata: String? = null,
Comment on lines +196 to +197
Copy link
Contributor

@coderabbitai coderabbitai bot Nov 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Implementation looks good and follows existing patterns.

The addition of unsafeMetadata to UpdateParams correctly follows the same pattern as publicMetadata and privateMetadata. The type String? is appropriate for the update parameters, matching the existing metadata fields.

However, the AI summary incorrectly states that unsafeMetadata was added to the User data class. The field already exists at line 165, so this appears to be a documentation inconsistency rather than a code change.

As per coding guidelines, please add tests to cover the new unsafeMetadata parameter. The tests should verify:

  1. Updating a user with unsafeMetadata succeeds
  2. The field is properly serialized in API requests
  3. The updated metadata is correctly reflected in the returned User object

Would you like me to help generate test cases for this functionality?

Additionally, verify that the @AutoMap annotation properly handles the new field:

🏁 Script executed:

#!/bin/bash
# Description: Verify that unsafeMetadata is properly integrated with the UpdateParams serialization

# Search for how UpdateParams.toMap() is implemented or generated by @AutoMap
rg -n "toMap" --type=kotlin -A 5 -B 2

# Search for any existing tests of UpdateParams to understand the test pattern
rg -n "UpdateParams" --type=kotlin -g "*test*" -C 3

# Search for any existing usage of publicMetadata or privateMetadata updates to see the pattern
rg -n "publicMetadata|privateMetadata" --type=kotlin -g "**/*test*" -C 3

Length of output: 41447


---

🏁 Script executed:

```shell
#!/bin/bash
# Better search for test files related to User.kt and UpdateParams

# Search for test files by common naming patterns
echo "=== Searching for User-related test files ==="
fd -e kt -path "*test*" | grep -i user | head -20

echo -e "\n=== Searching for UpdateParams in any Kotlin files (broader search) ==="
rg -n "UpdateParams" --type=kotlin -B2 -A2 | head -50

echo -e "\n=== Checking for test directory structure ==="
find . -type d -name "test" -o -name "tests" 2>/dev/null | head -10

echo -e "\n=== Search for any test involving metadata updates ==="
rg -n "metadata" --type=kotlin -g "*test*" -C2 | head -40

Length of output: 3857

🏁 Script executed:

#!/bin/bash
# Search in test directory specifically

echo "=== List files in test directory ==="
find ./source/api/src/test -type f -name "*.kt" 2>/dev/null | head -20

echo -e "\n=== Search for User in test files ==="
find ./source/api/src/test -type f -name "*.kt" -exec grep -l "User" {} \; 2>/dev/null

echo -e "\n=== Search for update or Update in test files ==="
find ./source/api/src/test -type f -name "*.kt" -exec grep -l "update\|Update" {} \; 2>/dev/null | head -10

echo -e "\n=== Check for any metadata tests ==="
find ./source/api/src/test -type f -name "*.kt" | xargs grep -l "metadata" 2>/dev/null

Length of output: 1622

🏁 Script executed:

#!/bin/bash
# Check what User-related tests exist in ClerkTest.kt

echo "=== Inspect ClerkTest.kt for update-related tests ==="
grep -n "update\|Update" ./source/api/src/test/java/com/clerk/api/sdk/ClerkTest.kt

echo -e "\n=== Check if ClerkTest.kt tests User.update() ==="
grep -n -A5 -B5 "User\|user" ./source/api/src/test/java/com/clerk/api/sdk/ClerkTest.kt | head -50

echo -e "\n=== Verify the PR changes - check if any test files were modified ==="
# Look at the actual file structure to confirm no test changes
find . -name "*.kt" -path "*test*" -newer ./source/api/src/main/kotlin/com/clerk/api/user/User.kt 2>/dev/null | head -5 || echo "Cannot determine file modification times"

Length of output: 2795

Add tests for the new unsafeMetadata field in User.update().

The implementation correctly follows the existing pattern for publicMetadata and privateMetadata fields, with proper @AutoMap and @SerialName annotations. However, per coding guidelines, tests must be added to cover this new functionality since none exist in the codebase for User.update() operations.

Add tests to verify:

  1. Updating a user with unsafeMetadata succeeds
  2. The field is properly serialized in API requests via toMap()
  3. Updated metadata is correctly reflected in the returned User object

)

/**
Expand Down