fix: prevent 500 on contributor identity update by filtering non-updatable fields #4077

Open
joanagmaia wants to merge 2 commits into main from fix/ui-identities-update

@joanagmaia joanagmaia commented May 6, 2026

Issue

Updating a contributor identity from the UI returned a 500 from the backend.

The frontend was spreading the full identity object into the PATCH payload, so fields that aren't updatable (e.g. createdAt, memberId, id) were sent to the API. The backend's updateMemberIdentity then built a SQL UPDATE from every key it received, which produced an invalid statement and crashed the request.

Fix

Frontend — only send fields the API is meant to accept.

  • Introduced UpdateContributorIdentityPayload type with the updatable fields only (value, type, platform, verified, source, sourceId, integrationId).
  • contributor-identity-edit.vue now picks value and type explicitly instead of spreading form.
  • ContributorIdentitiesApiService.update and the updateContributorIdentity store action are typed against the new payload.

Backend — defense-in-depth so an unexpected field can't break the query again.

  • updateMemberIdentity (services/libs/data-access-layer/src/members/identities.ts) now filters the incoming data against an allowlist (UPDATABLE_IDENTITY_FIELDS: platform, value, type, verified, verifiedBy, source, sourceId, integrationId) and drops undefined values before building the SET clause.

Note

Medium Risk
Touches the backend SQL update path for member identities; while the change is narrowly scoped, mistakes in the allowlist/filtering could cause legitimate fields to stop updating or silently no-op.

Overview
Prevents 500s when editing contributor identities by restricting what fields can be sent/updated.

On the frontend, identity PATCH calls now send an explicit UpdateContributorIdentityPayload (instead of spreading the full identity/form object) and the API service/store action typings were tightened accordingly.

On the backend, updateMemberIdentity now filters incoming update data to an allowlist of updatable columns (dropping undefined values) before building the SQL SET clause, so unexpected fields can’t generate invalid UPDATE statements.

Reviewed by Cursor Bugbot for commit f8890c8. Bugbot is set up for automated code reviews on this repo. Configure here.

Signed-off-by: Joana Maia <jmaia@contractor.linuxfoundation.org>
Copilot AI review requested due to automatic review settings May 6, 2026 11:39

github-actions Bot commented May 6, 2026

⚠️ Jira Issue Key Missing

Your PR title doesn't contain a Jira issue key. Consider adding it for better traceability.

Example:

  • feat: add user authentication (CM-123)
  • feat: add user authentication (IN-123)

Projects:

  • CM: Community Data Platform
  • IN: Insights

Please add a Jira issue key to your PR title.

Copilot AI left a comment

Pull request overview

Fixes a backend 500 when updating contributor/member identities by preventing non-updatable fields from reaching the SQL UPDATE builder, adding backend allowlisting as defense-in-depth.

Changes:

  • Backend: updateMemberIdentity now filters incoming update fields against an allowlist and drops undefined values before generating the SET clause.
  • Frontend: introduces UpdateContributorIdentityPayload and updates identity edit flow/API typings to send only intended updatable fields.
  • Frontend: identity edit form now explicitly constructs the PATCH payload instead of spreading the full identity object.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.

Summary per file:

  • services/libs/data-access-layer/src/members/identities.ts: Filters update payload keys to prevent invalid SQL updates from unexpected fields.
  • frontend/src/modules/contributor/types/Contributor.ts: Adds a dedicated update payload type with only updatable identity fields.
  • frontend/src/modules/contributor/store/contributor.actions.ts: Tightens typing for the identity update action to the new payload type.
  • frontend/src/modules/contributor/services/contributor.identities.api.service.ts: Updates PATCH method signature/body to use the new payload type.
  • frontend/src/modules/contributor/components/edit/identity/contributor-identity-edit.vue: Sends a curated subset of fields instead of spreading the full form object.
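
An added sketch, not code from this PR or the project, of the backend behaviour that the PR description and the review overview above both summarize: a SET clause built from every received key next to one built through the allowlist. The allowlist entries are the ones named in the PR description; the table name `memberIdentities`, the `$(name)` placeholder style and both function names are assumptions.

```typescript
// Added illustration, not the project's updateMemberIdentity. Field names are
// from the PR description; table name and $(name) placeholders are assumed.
const UPDATABLE_IDENTITY_FIELDS: readonly string[] = [
  'platform', 'value', 'type', 'verified',
  'verifiedBy', 'source', 'sourceId', 'integrationId',
]

interface UpdateStatement {
  text: string
  params: Record<string, unknown>
  dropped: string[] // keys rejected by the allowlist, worth logging
}

// "Before" shape: every key the client sent becomes a column in SET,
// so id / memberId / createdAt from a spread object end up in the statement.
function buildUpdateUnfiltered(data: Record<string, unknown>): string {
  const sets = Object.keys(data).map((k) => `"${k}" = $(${k})`)
  return `UPDATE "memberIdentities" SET ${sets.join(', ')} WHERE "id" = $(id)`
}

// "After" shape: only allowlisted keys with defined values reach SET.
function buildUpdateFiltered(
  id: string,
  data: Record<string, unknown>,
): UpdateStatement | null {
  const params: Record<string, unknown> = { id }
  const sets: string[] = []
  for (const field of UPDATABLE_IDENTITY_FIELDS) {
    // Own properties only; values stay bound parameters, never inlined.
    const own = Object.prototype.hasOwnProperty.call(data, field)
    if (own && data[field] !== undefined) {
      params[`set_${field}`] = data[field]
      sets.push(`"${field}" = $(set_${field})`)
    }
  }
  const dropped = Object.keys(data).filter(
    (k) => UPDATABLE_IDENTITY_FIELDS.indexOf(k) === -1,
  )
  // Nothing updatable left: return null so the caller skips the query
  // rather than sending "UPDATE ... SET  WHERE ..." to the database.
  if (sets.length === 0) return null
  const text = `UPDATE "memberIdentities" SET ${sets.join(', ')} WHERE "id" = $(id)`
  return { text, params, dropped }
}
```

Logging `dropped` and treating a `null` result as an explicit "nothing to update" response keeps the silent no-op case from the PR's risk note visible to callers.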

@joanagmaia joanagmaia force-pushed the fix/ui-identities-update branch from 4d7b352 to a2e1939 Compare May 6, 2026 11:54
Signed-off-by: Joana Maia <jmaia@contractor.linuxfoundation.org>
@joanagmaia joanagmaia force-pushed the fix/ui-identities-update branch from a2e1939 to f8890c8 Compare May 6, 2026 11:55
@joanagmaia joanagmaia requested review from skwowet May 6, 2026 12:06