LCORE-688 Validate that user_id is not empty in noop authentication modules #1108

Merged
tisnik merged 1 commit into lightspeed-core:main from max-svistunov:lcore-688-auth-empty-userid
Feb 5, 2026
max-svistunov commented Feb 5, 2026

Description

It was possible to provide an empty user_id (?user_id=""); now this throws a 400 error.

Type of change

  • Refactor
  • New feature
  • Bug fix
  • CVE fix
  • Optimization
  • Documentation Update
  • Configuration Update
  • Bump-up service version
  • Bump-up dependent library
  • Bump-up library or tool used for development (does not change the final image)
  • CI configuration change
  • Konflux configuration change
  • Unit tests improvement
  • Integration tests improvement
  • End to end tests improvement
  • Benchmarks improvement

Tools used to create PR

Identify any AI code assistants used in this PR (for transparency and review context)

  • Assisted-by: Claude Opus 4.5
  • Generated by: Claude Opus 4.5

Related Tickets & Documents

  • Related Issue # LCORE-688
  • Closes # LCORE-688

Checklist before requesting a review

  • I have performed a self-review of my code.
  • PR has passed all pre-merge test jobs.
  • If it is a core feature, I have added thorough tests.

Testing

  1. Start the service with noop or noop-with-token authentication
  2. Send a POST request to /v1/authorized with empty user_id:
    $ curl -X POST "http://localhost:8080/v1/authorized?user_id=" -H "Content-Type: application/json" -d '{}'
  3. Verify response is HTTP 400 with body: {"detail": "user_id cannot be empty"}

Summary by CodeRabbit

  • Bug Fixes
    • User ID validation: Authentication endpoints now properly validate and reject empty user IDs with a 400 error response and clear error message. This applies to both standard and token-based authentication flows.
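
The check this PR describes, as an added sketch that is not the pull request's or the project's code: it shows why `?user_id=` (present but empty) has to be handled separately from an absent parameter. The names `resolve_user_id`, `status_for`, `HTTPError` and `DEFAULT_USER_ID`, the fallback to a default for an absent parameter, and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import parse_qs, urlsplit

# Assumption: placeholder default identity used when no user_id is sent.
DEFAULT_USER_ID = "00000000-0000-0000-0000-000000000000"


class HTTPError(Exception):
    """Stdlib-only stand-in for a web framework's HTTP exception."""

    def __init__(self, status_code: int, detail: str) -> None:
        super().__init__(detail)
        self.status_code = status_code
        self.detail = detail


def resolve_user_id(url: str) -> str:
    """Return the user_id carried in the query string, or raise HTTP 400.

    An absent parameter falls back to the default (assumed behaviour), but a
    parameter that is present and empty is an explicit value and is rejected
    instead of being accepted as an identity.
    """
    # keep_blank_values=True matters: without it parse_qs drops "user_id="
    # and the empty value becomes indistinguishable from an absent one.
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    values = params.get("user_id")
    if values is None:
        return DEFAULT_USER_ID
    user_id = values[0]
    # Falsy check, as in the PR summary. A whitespace-only value such as
    # "%20" decodes to " ", which is truthy and passes this check.
    if not user_id:
        raise HTTPError(400, "user_id cannot be empty")
    return user_id


def status_for(url: str) -> int:
    """Map a request URL to the HTTP status the check produces."""
    try:
        resolve_user_id(url)
    except HTTPError as exc:
        return exc.status_code
    return 200
```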

coderabbitai bot commented Feb 5, 2026

Walkthrough

The changes add validation to two authentication modules to reject empty user_id values by raising HTTP 400 errors, and update corresponding test cases to verify this new rejection behavior.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Authentication Module Validation: src/authentication/noop.py, src/authentication/noop_with_token.py | Added HTTPException import and validation logic to raise HTTP 400 with message "user_id cannot be empty" when user_id is falsy during authentication dependency resolution. |
| End-to-End Tests: tests/e2e/features/authorized_noop.feature, tests/e2e/features/authorized_noop_token.feature | Updated test scenarios to expect HTTP 400 status code and error detail response instead of HTTP 200 when empty user_id is provided. |
| Unit Tests: tests/unit/authentication/test_noop.py, tests/unit/authentication/test_noop_with_token.py | Added new test cases to verify HTTPException with 400 status is raised for empty user_id inputs in both authentication dependencies. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Suggested reviewers

  • tisnik

Pre-merge checks: ✅ 3 passed

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title clearly and specifically describes the main change: adding validation to ensure user_id is not empty in noop authentication modules. |
| Docstring Coverage | ✅ Passed | Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%. |


@max-svistunov

@radofuchs Hi Radovan, could you PTAL? If I understand correctly, the problem is with user_id as opposed to username.

tisnik left a comment

LGTM

tisnik merged commit cbbe31b into lightspeed-core:main Feb 5, 2026
21 of 22 checks passed