BA-2161 setFormApiErrors handles also Error objects

[tsl-ps2]

This fixes the first objective below by making sure that setFormApiErrors can also handle Error objects (obtained by calling new Error(message)). I could not reproduce the second problem.

Testing
Use the frontend template from the master branch and the package from this PR. Then replace packages and follow the usual workflow. Run the backend from the master branch.

Description

Acceptance Criteria
When registering with the existing email, it send me to code screen instead of showing warning of existing email.

• The error should show in the UI

• I should not be able to the "Enter Code" screen if there is an error during the sign up form.

Video: https://www.loom.com/share/dcee5d9752334d379ee0d191576da364?sid=109e6385-c05e-44a1-8682-557ee8f52c6a
Bug catcher: Selim Reza

Approvd
https://app.approvd.io/silverlogic/BA/stories/38225

Summary by CodeRabbit

Summary by CodeRabbit

• Dependency Updates

  • Updated @baseapp-frontend/utils to version 3.1.3 across multiple packages
  • Updated @baseapp-frontend/authentication to version 4.1.5
  • Updated @baseapp-frontend/components to version 0.0.55
  • Updated @baseapp-frontend/design-system to version 0.0.34
  • Updated @baseapp-frontend/graphql to version 1.2.4
  • Updated @baseapp-frontend/provider to version 2.0.10
  • Updated @baseapp-frontend/wagtail to version 1.0.19

• Improvements

  • Enhanced error handling in utility functions, specifically setFormApiErrors and getApiErrorMessage

[changeset-bot]

⚠️ No Changeset found

Latest commit: 900d2b9

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Walkthrough

This pull request involves updates across multiple packages in the @baseapp-frontend ecosystem. The primary focus is on updating the @baseapp-frontend/utils package to version 3.1.3, which introduces enhanced error handling capabilities, particularly in the setFormApiErrors function. Several dependent packages, including authentication, components, design-system, graphql, provider, and wagtail, have also been updated to reflect this change, with corresponding version increments documented in their changelogs.

Changes

Package	Changes
@baseapp-frontend/utils	- Version updated to 3.1.3 - Enhanced setFormApiErrors to handle Error objects - Modified getApiErrorMessage error message construction
@baseapp-frontend/authentication	- Version updated to 4.1.5 - Updated dependency to @baseapp-frontend/utils@3.1.4
@baseapp-frontend/components	- Version updated to 1.0.3 - Updated dependencies including @baseapp-frontend/utils@3.1.4 and @baseapp-frontend/authentication@4.1.5
@baseapp-frontend/design-system	- Version updated to 0.0.34 - Updated dependency to @baseapp-frontend/utils@3.1.3
@baseapp-frontend/graphql	- Version updated to 1.2.4 - Updated dependency to @baseapp-frontend/utils@3.1.3
@baseapp-frontend/provider	- Version updated to 2.0.10 - Updated dependency to @baseapp-frontend/utils@3.1.3
@baseapp-frontend/wagtail	- Version updated to 1.0.19 - Updated dependencies including @baseapp-frontend/utils@3.1.3

Possibly related PRs

• BA-Add-mobile-graphql-environment #164: Related to updates of the @baseapp-frontend/utils dependency, which is also referenced in the updates to the @baseapp-frontend/graphql package.
• BA-hotfix: remove listener #153: Direct connection through version updates in the CHANGELOG.md and package.json files for the @baseapp-frontend/authentication package.
• BA-2192: mobile features into packages #198: Related to updates in the CHANGELOG.md and package.json files for the @baseapp-frontend/authentication package, specifically the dependency on @baseapp-frontend/utils.

Suggested reviewers

• Hercilio1
• anicioalexandre
• deboracosilveira

Poem

🐰 Hop, hop, through the code we go,
Updating utils with errors in tow,
Packages dance, versions rise high,
A rabbit's symphony of patches nigh!
Debugging magic, smooth and light! 🔧✨

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2e23479 and 900d2b9.

📒 Files selected for processing (3)

• packages/authentication/CHANGELOG.md (1 hunks)
• packages/authentication/package.json (1 hunks)
• packages/components/CHANGELOG.md (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (3)

• packages/authentication/package.json
• packages/authentication/CHANGELOG.md
• packages/components/CHANGELOG.md

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: Analyze (javascript)
• GitHub Check: Build and Lint Packages

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (3)

packages/utils/CHANGELOG.md (1)

7-7: Enhance the changelog entry with more details.

The changelog entry could be more descriptive about how Error objects are handled. Consider adding:

• What behavior to expect when passing Error objects
• Any specific use cases this addresses (e.g., sign-up form errors)

-setFormApiErrors also handles Error objects
+setFormApiErrors now handles Error objects created via new Error(message), displaying their messages as form validation errors. This improves error handling during form submissions, particularly for sign-up flows.

packages/utils/functions/form/setFormApiErrors/index.ts (1)

14-24: Handle unparseable error messages more explicitly
When err.message isn't valid JSON, this branch silently ignores the error. It might be helpful to provide a default error message or log this for better user feedback when JSON parsing fails.

} catch (parsingError) {
-  // Error message is not a JSON object, no further action taken
+  console.warn("Unable to parse 'err.message' as JSON. Using a default error message or ignoring the error.")
}

packages/utils/functions/form/setFormApiErrors/__tests__/setFormApiErrors.test.ts (1)

14-16: Add more test cases for varied field values
Currently, the form values for bio and image are set to '' and null, respectively. Consider adding more edge cases (e.g., undefined, numeric values, etc.) to increase coverage and confidence in form error handling.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e2e807c and 2e23479.

📒 Files selected for processing (18)

• packages/authentication/CHANGELOG.md (1 hunks)
• packages/authentication/package.json (1 hunks)
• packages/components/CHANGELOG.md (1 hunks)
• packages/components/package.json (1 hunks)
• packages/design-system/CHANGELOG.md (1 hunks)
• packages/design-system/package.json (1 hunks)
• packages/graphql/CHANGELOG.md (1 hunks)
• packages/graphql/package.json (1 hunks)
• packages/provider/CHANGELOG.md (1 hunks)
• packages/provider/package.json (1 hunks)
• packages/utils/CHANGELOG.md (1 hunks)
• packages/utils/functions/api/getApiErrorMessage/__tests__/getApiErrorMessage.test.ts (1 hunks)
• packages/utils/functions/api/getApiErrorMessage/index.ts (1 hunks)
• packages/utils/functions/form/setFormApiErrors/__tests__/setFormApiErrors.test.ts (2 hunks)
• packages/utils/functions/form/setFormApiErrors/index.ts (1 hunks)
• packages/utils/package.json (1 hunks)
• packages/wagtail/CHANGELOG.md (1 hunks)
• packages/wagtail/package.json (1 hunks)

✅ Files skipped from review due to trivial changes (12)

• packages/provider/package.json
• packages/components/package.json
• packages/design-system/package.json
• packages/utils/package.json
• packages/graphql/package.json
• packages/authentication/package.json
• packages/authentication/CHANGELOG.md
• packages/provider/CHANGELOG.md
• packages/wagtail/package.json
• packages/wagtail/CHANGELOG.md
• packages/design-system/CHANGELOG.md
• packages/graphql/CHANGELOG.md

🔇 Additional comments (7)

packages/utils/functions/api/getApiErrorMessage/index.ts (1)

12-12: Ensure correct fallback behavior for invalid JSON error strings.

This line leverages the parsed message's detail field when available, or otherwise falls back to error.message. When parsing fails, the catch block also uses error.message. As a result, the default message is only used if neither error?.message nor parsedMessage.detail is present. This approach aligns with the objective of capturing error information from both JSON-based and Error object instances.

packages/utils/functions/api/getApiErrorMessage/__tests__/getApiErrorMessage.test.ts (1)

37-37: Confirm test alignment with new fallback behavior.

By expecting the raw errorMessage for invalid JSON, this test verifies the updated logic in which the function returns error.message if parsing fails. This change ensures that new Error('...') instances, as well as other non-JSON messages, still provide meaningful feedback.

packages/components/CHANGELOG.md (1)

3-11: LGTM! Version bump and dependency updates look correct.

The changelog entry properly documents the dependency updates, particularly the update to @baseapp-frontend/utils@3.1.3 which aligns with the PR objective to enhance error handling.

Let's verify the version bump of @baseapp-frontend/utils package:

✅ Verification successful

Version bump and dependency updates are verified and correct

The changelog entry in components package correctly references @baseapp-frontend/utils@3.1.3, which contains the enhancement to setFormApiErrors to handle Error objects, aligning perfectly with the PR objectives.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the changes in @baseapp-frontend/utils@3.1.3 related to error handling

# Check the commit history and diff for utils package version 3.1.3
git log -p --all -- 'packages/utils/CHANGELOG.md' | grep -A 10 "3.1.3"

Length of output: 0

---

Script:

#!/bin/bash
# Check if utils package exists and view its changelog
echo "=== Checking utils package ==="
fd "package.json" packages/utils
cat packages/utils/CHANGELOG.md 2>/dev/null || echo "Changelog not found"

echo -e "\n=== Searching for error handling related changes ==="
# Look for error handling related code
ast-grep --pattern 'setFormApiErrors($_)' 

# Search for Error object handling
rg -l "instanceof Error" packages/

Length of output: 9093

packages/utils/CHANGELOG.md (1)

3-7: Version bump looks appropriate.

The change is backward-compatible and fixes a bug in error handling, making it suitable for a patch version bump (3.1.3).

Let's verify there are no breaking changes by checking the implementation:

✅ Verification successful

Patch version bump is correct

The implementation verification confirms this is a non-breaking change that extends error handling capabilities while maintaining backward compatibility with existing usage patterns across the codebase.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check the implementation of setFormApiErrors to verify it's a non-breaking change

# Look for the implementation and its tests
rg -A 10 "setFormApiErrors" --type ts --type tsx

Length of output: 76

---

Script:

#!/bin/bash
# Search for setFormApiErrors implementation using multiple strategies
echo "=== Searching with ripgrep ==="
rg "setFormApiErrors" -A 5

echo -e "\n=== Searching TypeScript files ==="
fd -e ts -e tsx -x rg "setFormApiErrors" -A 5 {}

echo -e "\n=== Searching with AST pattern ==="
ast-grep --pattern 'function setFormApiErrors($_) {
  $$$
}'

Length of output: 19223

packages/utils/functions/form/setFormApiErrors/index.ts (1)

25-29: Verify that all error properties are arrays
Here, we cast errors to string[], but if the backend changes shape or returns unexpected data, this cast could cause issues. Confirm that the error format is always an array of strings, or add checks before using head(errors as string[]).

✅ Verification successful

Error handling is properly implemented and type-safe
The implementation includes multiple safeguards that prevent runtime issues:

• Validates error object structure before processing
• Verifies error message is a string before usage
• Confirms field exists in form values
• Test suite demonstrates consistent array-based error format

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Locate all references to setFormApiErrors usage, then review how errors are constructed.
rg -A 5 "setFormApiErrors" 

Length of output: 14696

---

Script:

#!/bin/bash
# Get the test file content and implementation
cat packages/utils/functions/form/setFormApiErrors/__tests__/setFormApiErrors.test.ts
cat packages/utils/functions/form/setFormApiErrors/index.ts

Length of output: 4248

packages/utils/functions/form/setFormApiErrors/__tests__/setFormApiErrors.test.ts (2)

81-96: Approved: robust testing for null or blank fields
These lines thoroughly verify form errors when fields are empty or null, ensuring that setError is called. Great job covering these edge cases.

---

98-115: Approved: testing Error object parsing
This validates the new functionality that handles Error objects with JSON data in their messages. It’s an excellent addition to confirm the updated logic.

[tsl-ps2]

@anicioalexandre: Since we had our little discussion about revealing information to potential attackers: IMO, displaying this error message is much more critical than displaying the last one since it gives an unauthenticated attacker an easy way to find out whether an email address is used or not (to sign up as in this PR you do not need to be authenticated, to change your password as in the last PR you had to be authenticated). However, not displaying the message would lead to a quite bad UX: As a user, I would no longer know why my sign up failed.

[anicioalexandre]

we had our little discussion about revealing information to potential attackers: IMO, displaying this error message is much more critical than displaying the last one since it gives an unauthenticated attacker an easy way to find out whether an email address is used or not (to sign up as in this PR you do not need to be authenticated, to change your password as in the last PR you had to be authenticate

@tsl-ps2 what are the current messages we're showing?

[tsl-ps2]

@anicioalexandre: "That email is already in use. Choose another." (when registering with an already existing email address)

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud