Authentication 500 Internal Server Error returned instead of 400 Bad Request #17194

@edwinhaver

Bug report

Required System information

  • Node.js version: 18.6.1
  • NPM version: 9.5.1
  • Strapi version: 4.11.3
  • Database: sqlite
  • Operating system: macOS Monterey v12.6
  • Is your project Javascript or Typescript: Javascript

Describe the bug

When authenticating with api/auth/local with an incorrect username or password, HTTP status 500 Internal server error is returned whereas in the console it shows a ValidationError: Invalid identifier or password.

Steps to reproduce the behavior

  1. In Postman set up a POST request with the following URL: http://localhost:1337/api/auth/local
  2. In the body section create the following JSON object: {"identifier": "john.doe@example.com", "password": "password"}
  3. Click Send
  4. See response

The response is 500 Internal Server Error.

{
    "data": null,
    "error": {
        "status": 500,
        "name": "InternalServerError",
        "message": "Internal Server Error"
    }
}

Expected behavior

HTTP status 400 (Bad Request) should be returned with the following JSON object: {message: "Identifier or password invalid"}.

Additional context

While debugging, I noticed the following:

  1. It throws a ValidationError which extends the ApplicationError in plugin-user-permissions > server > controllers > auth.js
  2. Then it is caught in the middleware strapi > lib > middlewares > body.js and re-thrown. Here the error is an instance of Error but I cannot see if it is an instance of ApplicationError or ValidationError as this is not available in body.js.
  3. Then it is caught in the middleware strapi > lib > middlewares > errors.js but here the error is no longer an instance of ApplicationError and therefore the HTTP status is set to 500 in formatInternalError as a catch all status.

See also: https://forum.strapi.io/t/get-500-error-on-client-side-but-403-in-terminal-for-the-backend/14496/19
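
The failure mode described in the debugging notes, as an added example that is not part of the original report and is not Strapi's code: a status lookup that relies only on `instanceof` falls through to 500 when the thrown error's class is not the same class object the middleware holds. It assumes the cause is two loaded copies of the error classes, which the report does not establish; `makeErrorClasses`, `statusByInstanceof`, `statusByName` and `formatResponse` are hypothetical names.

```javascript
// Added example with hypothetical names; not Strapi's code.
// makeErrorClasses() stands in for the same errors module being loaded twice,
// which is an assumed cause that the report does not confirm.
function makeErrorClasses() {
  class ApplicationError extends Error {
    constructor(message) { super(message); this.name = 'ApplicationError'; }
  }
  class ValidationError extends ApplicationError {
    constructor(message) { super(message); this.name = 'ValidationError'; }
  }
  return { ApplicationError, ValidationError };
}

const controllerCopy = makeErrorClasses(); // classes the auth controller throws
const middlewareCopy = makeErrorClasses(); // classes the error middleware checks

// Identity-only check: fails for errors built from the other copy.
function statusByInstanceof(err) {
  return err instanceof middlewareCopy.ApplicationError ? 400 : 500;
}

// Same check with a fallback on the error's name for known client errors.
const CLIENT_ERROR_NAMES = new Set(['ApplicationError', 'ValidationError']);
function statusByName(err) {
  if (err instanceof middlewareCopy.ApplicationError) return 400;
  return err instanceof Error && CLIENT_ERROR_NAMES.has(err.name) ? 400 : 500;
}

// Response body in the shape shown in the report. Unrecognised errors keep
// the generic text so internal details never reach the client.
function formatResponse(err, pickStatus) {
  const status = pickStatus(err);
  const known = status !== 500;
  return {
    data: null,
    error: {
      status,
      name: known ? err.name : 'InternalServerError',
      message: known ? err.message : 'Internal Server Error',
    },
  };
}

// Constructed input: the failed-login error thrown from the controller's copy.
const loginError = new controllerCopy.ValidationError('Invalid identifier or password');
console.log(formatResponse(loginError, statusByInstanceof).error.status);
console.log(formatResponse(loginError, statusByName).error.status);
```

Failed logins reported as 500 also distort monitoring, since they are counted as server faults rather than as rejected authentication attempts.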

Status

Fixed/Shipped
