
[Employer Sync 5.4] Verify session response does not assume Talent::Profile

TL;DR: Audit the session response path; ensure no code reads identities_user.talent_profile.<anything> without a nil-check. A migrated employer can legitimately have no Talent::Profile, and we will not auto-create empty ones.

Context

Employers do not need a Talent::Profile. The migration explicitly does not create one. But the login flow and session response paths were written at a time when every Identities::User had a Talent::Profile, so any code that reads identities_user.talent_profile.<anything> without a nil-check is a latent crash for a freshly-migrated employer.

Problem

Identities::User has_one :talent_profile is a soft has_one, not a NOT NULL FK. A migrated employer can legitimately have no Talent::Profile. If any code in the session/response path reads identities_user.talent_profile.something without a nil-check, a freshly-migrated employer passes the credential check and gets a session, and the response then raises NoMethodError on nil (undefined method for nil:NilClass). The client sees a 500 for what was a valid login, with the session already created.

Direction

Audit every code path between Identities::Sessions::CreateManager and the JSON the client receives:

  • Identities::Sessions::CreateManager itself.
  • The response serializer (Identities::SessionSerializer or equivalent).
  • Anything serializer composes into the response (DTOs, embedded serializers).
  • The CurrentRequest setup in Identities::Users::AuthenticatedController.
  • Any place that reads user.talent_profile.<anything>.

For each, confirm either:

  • (a) The code already nil-checks, or
  • (b) It reaches the read only on a path that already requires a Talent::Profile (e.g. /candidates/ controllers, where the route guard rejects users without one). Confirm the guard actually runs before the read; a before_action that is skipped or ordered after the read does not count.

For any path that is reachable for an employer login and assumes talent_profile is present: change it to handle nil cleanly, with an explicit nil branch or safe navigation that yields a sensible value in the JSON (null, an empty list) so the client can tell "no profile" from "profile with empty fields". Do not auto-create an empty Talent::Profile.
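One way to do the first pass of the audit mechanically, as an added example rather than project code: scan source text for talent_profile.<method> chains that are not written with safe navigation, ignore nil-safe predicates, and separate hits under the guarded /candidates/ controllers from hits an employer login can reach. The two sample files below are constructed for this example; their file names, class bodies and method names (headline, skills, applications) are assumptions, and the regex is a starting point for grep, not a substitute for reading each path.

```ruby
# Added example, not project code. Flags unguarded Talent::Profile reads in
# Ruby source text. Sample sources and file names below are constructed.

# `talent_profile.<method>`; `talent_profile&.<method>` does not match because
# of the `&` before the dot, and `has_one :talent_profile` has no dot.
READ = /\btalent_profile\.(\w+[?!]?)/
# Reads that are safe on nil and therefore not a finding.
NIL_SAFE_METHODS = %w[nil? present? blank? presence].freeze
# Paths the ticket treats as guarded by a route-level profile check (assumption).
GUARDED_PATH = %r{\Aapp/controllers/candidates/}

Finding = Struct.new(:path, :line, :reads, :guarded, keyword_init: true)

# Method names read off talent_profile on one line without a nil guard.
def unguarded_reads(line)
  line.scan(READ).flatten.reject { |m| NIL_SAFE_METHODS.include?(m) }
end

# One Finding per source line that contains at least one unguarded read.
def audit_source(path, source)
  source.each_line.with_index(1).filter_map do |text, lineno|
    next if text.lstrip.start_with?("#")
    reads = unguarded_reads(text)
    next if reads.empty?
    Finding.new(path: path, line: lineno, reads: reads,
                guarded: path.match?(GUARDED_PATH))
  end
end

# files: { "path" => "source text" }
def audit(files)
  files.flat_map { |path, src| audit_source(path, src) }
end

# Constructed sample sources (not the real files).
SAMPLE_SOURCES = {
  "app/serializers/identities/session_serializer.rb" => <<~RUBY,
    class Identities::SessionSerializer
      def as_json
        {
          email: user.email,
          headline: user.talent_profile.headline,      # crashes for an employer
          skills: user.talent_profile&.skills || [],   # nil-safe
          has_profile: user.talent_profile.present?,   # nil-safe predicate
        }
      end
    end
  RUBY
  "app/controllers/candidates/applications_controller.rb" => <<~RUBY,
    class Candidates::ApplicationsController
      def index
        @applications = current_user.talent_profile.applications  # route is guarded
      end
    end
  RUBY
}.freeze

if $PROGRAM_NAME == __FILE__
  audit(SAMPLE_SOURCES).each do |f|
    tag = f.guarded ? "guarded " : "EMPLOYER-REACHABLE"
    puts "#{tag}  #{f.path}:#{f.line}  talent_profile.#{f.reads.join(', ')}"
  end
end
```

Run it against the real tree by replacing SAMPLE_SOURCES with `Dir["app/**/*.rb"].to_h { |p| [p, File.read(p)] }`; every EMPLOYER-REACHABLE line is a candidate for the issue-comment list in the Acceptance section, and every guarded line still needs the before_action ordering confirmed by hand.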

Add a regression test: log in as an Identities::User that has an Org::Membership and no Talent::Profile; assert the session response renders 200 OK and that the profile-derived fields come back absent or null rather than the request raising.
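The fix and the regression check side by side, as an added example that is not the project's code: the serializer shape the session path was written against, a nil-safe rewrite that emits talent_profile as a nested object or null, and a render stand-in so the employer case can be asserted on a status code the way a request spec would. Identities::User, Talent::Profile and Org::Membership are replaced by plain Structs so this runs without Rails; the field names (headline, skills, org_id, role) are assumptions.

```ruby
# Added example, not project code. Structs stand in for the Rails models;
# serializer field names are assumptions.

TalentProfile = Struct.new(:headline, :skills, keyword_init: true)
OrgMembership = Struct.new(:org_id, :role, keyword_init: true)
User = Struct.new(:id, :email, :talent_profile, :org_memberships, keyword_init: true)

# The shape the session path was written against: every user had a profile.
# For a migrated employer talent_profile is nil and the first read raises
# NoMethodError, after the session has already been created.
class LegacySessionSerializer
  def initialize(user)
    @user = user
  end

  def as_json
    {
      id: @user.id,
      email: @user.email,
      headline: @user.talent_profile.headline,
      skills: @user.talent_profile.skills,
      orgs: @user.org_memberships.map(&:org_id),
    }
  end
end

# Nil-safe rewrite. The profile is serialized as a nested object or nil, so
# the client sees an explicit absence instead of a 500, and nothing is
# auto-created for the employer.
class SessionSerializer
  def initialize(user)
    @user = user
  end

  def as_json
    {
      id: @user.id,
      email: @user.email,
      talent_profile: profile_json,
      orgs: @user.org_memberships.map { |m| { org_id: m.org_id, role: m.role } },
    }
  end

  private

  def profile_json
    profile = @user.talent_profile
    return nil if profile.nil?
    { headline: profile.headline, skills: profile.skills }
  end
end

# Stand-in for the controller render step (assumption): an unhandled
# NoMethodError becomes a 500, which is what the client sees today.
def render_session(user, serializer: SessionSerializer)
  [200, serializer.new(user).as_json]
rescue NoMethodError => e
  [500, { error: e.message }]
end

# Constructed fixtures: a migrated employer (membership, no profile) and a
# candidate (profile, no membership).
EMPLOYER = User.new(id: 1, email: "hr@example.com", talent_profile: nil,
                    org_memberships: [OrgMembership.new(org_id: 42, role: "admin")])
CANDIDATE = User.new(id: 2, email: "dev@example.com",
                     talent_profile: TalentProfile.new(headline: "Rubyist", skills: %w[ruby rails]),
                     org_memberships: [])

if $PROGRAM_NAME == __FILE__
  puts "legacy, employer:  #{render_session(EMPLOYER, serializer: LegacySessionSerializer).first}"
  puts "nil-safe, employer: #{render_session(EMPLOYER).inspect}"
  puts "nil-safe, candidate: #{render_session(CANDIDATE).inspect}"
end
```

In the real request spec the EMPLOYER fixture is the user to log in as; the assertion is `expect(response).to have_http_status(:ok)` plus a check that the body's talent_profile key is null, which also pins the JSON shape the client will branch on.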

Acceptance

  • Audit results recorded in the issue comments — list of paths checked.
  • All talent_profile-reading code is either nil-safe or unreachable for employers.
  • Regression test added; passes.