This repository was archived by the owner on May 29, 2026. It is now read-only.
fix(ori): surface closeVotingRound failures explicitly and add bearer auth to ORI publication#331
Merged
Conversation
… auth to ORI publication Closes #318 VotingService::closeVotingRound no longer swallows lifecycle-transition and ORI-publication failures silently. State-machine violations (\InvalidArgumentException) are re-thrown so the controller returns an explicit error. Infrastructure errors are promoted from WARNING to ERROR level in logs. ORI publication errors are attached to the returned round payload as 'oriPublicationError' so callers can surface them. Closes #320 OriPublicationService::publish now reads 'ori_bearer_secret' from IAppConfig and includes it as an Authorization: Bearer header when set. The key is added to SettingsService::CONFIG_KEYS so it can be saved from the admin UI. When the key is not configured the Authorization header is omitted (intentional: ORI endpoints that require auth will return 401, exposing the gap rather than silently failing with 200).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes 2 ORI/lifecycle correctness issues found in the quality-loop review.
VotingService::closeVotingRoundno longer swallows lifecycle-transition and ORI-publication failures silently:\InvalidArgumentExceptionfrom the state-machine (bad transition) is now re-thrown as a\RuntimeExceptionso the controller returns an explicit error response instead of silently returning a stale round.WARNINGtoERRORlog level so they surface in monitoring.oriPublicationError.OriPublicationService::publishreadsori_bearer_secretfromIAppConfigand includes it as anAuthorization: Bearerheader when configured. The key is added toSettingsService::CONFIG_KEYSso it can be saved from the admin settings UI.Test plan
composer test(VotingServiceTest is skipped per issue Broken: 21 unit tests fail due to ObjectService stub/real-signature mismatch #90)ori_bearer_secretin admin settings and verify Authorization header is sent in a test POST to a mock endpointcloseVotingRoundon a round with a motion already inadoptedstate (invalid transition) returns HTTP 400 with an error messageoriPublicationErrorfield