The user directory service implementation is currently heavily dependent on invisible side-effects of public methods. This reduces readability and maintainability, and sometimes causes inefficiencies (e.g., getting a user record from a provider twice in a single code flow).
When reviewing code to support new authentication functionality, it became clear that a move to explicitly exposed logic would greatly help when adding features as well as when fixing old ones, and that agreement on that exposed logic would be easy to achieve.
We expect work to proceed as follows:
1) Create integration tests for the effected code paths (getUser, getUserByEid, etc.).
2) Rationalize the internal logic of those methods.
3) Use the integration tests to ensure that the existing functionality remains intact and that performance doesn't degrade.
4) Use the new internal logic to add required functionality.