You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
[ ] Regression
[X] Bug report
[X] Feature request
[ ] Documentation issue or request
[ ] Support request => Please do not submit support request here, instead post your question on Stack Overflow.
Current behavior
Errors generated by Passport strategies are all substituted with
Request auth/login endpoint with incorrect user credentials. You can achieve it by:
a) Sending request with incorrect Content-Type: i.e. Content-Type: text/plain
b) Sending JSON with invalid fieldNames: i.e. { "brokenusernamefield": "test", "password": "test"}
What is the motivation / use case for changing the behavior?
Passport strategies provide useful information about Missing Credentials, invalid format of the request, etc. Supressing all this information with 401: Unauthorized cause problem in debugging sessions. They should be at least logged as errors caught by ExceptionHandler.
Environment
Nest version: 6.10.2
Nest passport version: 6.1.1
For Tooling issues:
- Node version: 10.15.3
- Platform: Mac
Others:
The text was updated successfully, but these errors were encountered:
I'm submitting a...
Current behavior
Errors generated by Passport strategies are all substituted with
Expected behavior
Errors generated by Passport strategies are propagated and displayed to logs with proper Status Codes.
I.E. https://github.com/jaredhanson/passport-local/blob/2bf3939ca369e08a47a28585c2ccfb3cecffeb9c/lib/strategy.js#L75
should be returned as:
Minimal reproduction of the problem with instructions
passport-local
example from Nest Documentation: https://docs.nestjs.com/techniques/authentication#implementing-passport-strategiesauth/login
endpoint with incorrect user credentials. You can achieve it by:a) Sending request with incorrect Content-Type: i.e.
Content-Type: text/plain
b) Sending JSON with invalid fieldNames: i.e.
{ "brokenusernamefield": "test", "password": "test"}
What is the motivation / use case for changing the behavior?
Passport strategies provide useful information about Missing Credentials, invalid format of the request, etc. Supressing all this information with
401: Unauthorized
cause problem in debugging sessions. They should be at least logged as errors caught by ExceptionHandler.Environment
The text was updated successfully, but these errors were encountered: