Merge pull request #7698 from appwrite/update-error-message

chore: update error types for create account endpoints
2024-06-14 00:34:51 +12:00 · 2024-03-01 14:03:49 +01:00 · 2024-03-01 14:03:49 +01:00 · 3542d360b0
parent 9a821e250f d1715e3bf4
commit 3542d360b0
4 changed files with 13 additions and 7 deletions
--- a/app/config/errors.php
+++ b/app/config/errors.php
@ -103,6 +103,11 @@ return [
        'description' => 'This method was not fully implemented yet. If you believe this is a mistake, please upgrade your Appwrite server version.',
        'code' => 405,
    ],
+    Exception::GENERAL_BAD_REQUEST => [
+        'name' => Exception::GENERAL_BAD_REQUEST,
+        'description' => 'There was an error processing your request. Please check the inputs and try again.',
+        'code' => 400,
+    ],

    /** User Errors */
    Exception::USER_COUNT_EXCEEDED => [
--- a/app/controllers/api/account.php
+++ b/app/controllers/api/account.php
@ -110,7 +110,7 @@ App::post('/v1/account')
            Query::equal('providerEmail', [$email]),
        ]);
        if ($identityWithMatchingEmail !== false && !$identityWithMatchingEmail->isEmpty()) {
-            throw new Exception(Exception::USER_EMAIL_ALREADY_EXISTS);
+            throw new Exception(Exception::GENERAL_BAD_REQUEST); /** Return a generic bad request to prevent exposing existing accounts */
        }

        if ($project->getAttribute('auths', [])['personalDataCheck'] ?? false) {
@ -637,7 +637,7 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
                    Query::equal('providerEmail', [$email]),
                ]);
                if ($identityWithMatchingEmail !== false && !$identityWithMatchingEmail->isEmpty()) {
-                    throw new Exception(Exception::USER_EMAIL_ALREADY_EXISTS);
+                    throw new Exception(Exception::GENERAL_BAD_REQUEST); /** Return a generic bad request to prevent exposing existing accounts */
                }

                try {
@ -695,7 +695,7 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
                Query::notEqual('userId', $user->getId()),
            ]);
            if (!empty($identitiesWithMatchingEmail)) {
-                throw new Exception(Exception::USER_EMAIL_ALREADY_EXISTS);
+                throw new Exception(Exception::GENERAL_BAD_REQUEST); /** Return a generic bad request to prevent exposing existing accounts */
            }

            $dbForProject->createDocument('identities', new Document([
@ -944,7 +944,7 @@ App::post('/v1/account/sessions/magic-url')
                Query::equal('providerEmail', [$email]),
            ]);
            if ($identityWithMatchingEmail !== false && !$identityWithMatchingEmail->isEmpty()) {
-                throw new Exception(Exception::USER_EMAIL_ALREADY_EXISTS);
+                throw new Exception(Exception::GENERAL_BAD_REQUEST); /** Return a generic bad request to prevent exposing existing accounts */
            }

            $userId = $userId === 'unique()' ? ID::unique() : $userId;
@ -1988,7 +1988,7 @@ App::patch('/v1/account/email')
            Query::notEqual('userId', $user->getId()),
        ]);
        if ($identityWithMatchingEmail !== false && !$identityWithMatchingEmail->isEmpty()) {
-            throw new Exception(Exception::USER_EMAIL_ALREADY_EXISTS);
+            throw new Exception(Exception::GENERAL_BAD_REQUEST); /** Return a generic bad request to prevent exposing existing accounts */
        }

        $user
@ -2007,7 +2007,7 @@ App::patch('/v1/account/email')
        try {
            $user = $dbForProject->withRequestTimestamp($requestTimestamp, fn () => $dbForProject->updateDocument('users', $user->getId(), $user));
        } catch (Duplicate) {
-            throw new Exception(Exception::USER_EMAIL_ALREADY_EXISTS);
+            throw new Exception(Exception::GENERAL_BAD_REQUEST); /** Return a generic bad request to prevent exposing existing accounts */
        }

        $queueForEvents->setParam('userId', $user->getId());
--- a/src/Appwrite/Extend/Exception.php
+++ b/src/Appwrite/Extend/Exception.php
@ -55,6 +55,7 @@ class Exception extends \Exception
    public const GENERAL_CODES_DISABLED            = 'general_codes_disabled';
    public const GENERAL_USAGE_DISABLED            = 'general_usage_disabled';
    public const GENERAL_NOT_IMPLEMENTED           = 'general_not_implemented';
+    public const GENERAL_BAD_REQUEST               = 'general_bad_request';

    /** Users */
    public const USER_COUNT_EXCEEDED               = 'user_count_exceeded';
--- a/tests/e2e/Services/Account/AccountCustomClientTest.php
+++ b/tests/e2e/Services/Account/AccountCustomClientTest.php
@ -476,7 +476,7 @@ class AccountCustomClientTest extends Scope
            'password' => $password,
        ]);

-        $this->assertEquals($response['headers']['status-code'], 409);
+        $this->assertEquals($response['headers']['status-code'], 400);

        /**
         * Test for SUCCESS