fix(auth): only Report Response Validation Errors
Because:

* we do not want to be inundated with request validation errors that are outside of our control

This commit:

* updates the reporting logic to only report response validation errors for all environments

Closes #FXA-7664
IvoJP authored and dschom committed Jun 16, 2023
1 parent 870ef1b commit f5396cb
Showing 2 changed files with 15 additions and 22 deletions.
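--- a/packages/fxa-auth-server/lib/server.js
+++ b/packages/fxa-auth-server/lib/server.js
@@ -43,10 +43,6 @@ function trimLocale(header) {
 }
 
 function logValidationError(response, log) {
-if (response?.__proto__.name !== 'ValidationError') {
-return;
-}
-
 log.error('server.ValidationError', response);
 reportValidationError(response.stack, response);
 }
@@ -316,9 +312,21 @@ async function create(log, error, config, routes, db, statsd) {
 let response = request.response;
 if (response.isBoom) {
 logEndpointErrors(response, log);
-logValidationError(response, log);
+
+// Do not log errors that either aren't a validation error or have a status code below 500
+// ValidationError that are 4xx status are request validation errors
+if (
+response?.__proto__.name === 'ValidationError' &&
+response.output &&
+response.output.statusCode >= 500
+) {
+logValidationError(response, log);
+}
+
 response = error.translate(request, response);
-response.backtrace(request.app.traced);
+if (config.env !== 'prod') {
+response.backtrace(request.app.traced);
+}
 }
 response.header('Timestamp', `${Math.floor(Date.now() / 1000)}`);
 return response;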
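Review bot: The `config.env !== 'prod'` test added around `response.backtrace(request.app.traced)` in the second hunk is a denylist, so any environment whose name is not exactly `prod` (a staging deployment, or a misspelled value) still attaches the trace to the translated error. The `log: undefined` expectation dropped from test/local/server.js suggests `backtrace` writes a `log` field into the error payload that is returned to the client; its implementation is not shown here, so treat that as an inference. If it holds, the check should fail closed by naming the environments that are allowed to expose traces instead of the one that is not. The commit message does not mention this change, so a comment such as `// backtrace() adds trace data to the error payload; keep it out of production responses` would record the intent. The enclosing `create` function starts and ends outside the hunk.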
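--- a/packages/fxa-auth-server/test/local/server.js
+++ b/packages/fxa-auth-server/test/local/server.js
@@ -77,7 +77,7 @@ describe('lib/server', () => {
 
 describe('logValidationError', () => {
 const msg = 'Invalid response payload';
-let response = {
+const response = {
 __proto__: {
 name: 'ValidationError',
 },
@@ -110,20 +110,6 @@ describe('lib/server', () => {
 response
 );
 });
-
-it('does not log or report other types of errors', () => {
-response = {
-__proto__: {
-name: 'OtherError',
-},
-};
-const mockLog = {
-error: sinon.stub(),
-};
-server._logValidationError(response, mockLog);
-sinon.assert.notCalled(mockLog.error);
-sinon.assert.notCalled(mockReportValidationError);
-});
 });
 
 describe('set up mocks:', () => {
@@ -606,7 +592,6 @@ describe('lib/server', () => {
 errno: 125,
 error: 'Request blocked',
 info: 'https://mozilla.github.io/ecosystem-platform/api#section/Response-format',
-log: undefined,
 message: 'The request was blocked for security reasons',
 };
 beforeEach(() => {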
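Review bot: Deleting the 'does not log or report other types of errors' case leaves the reporting filter untested in the hunks shown, because the check moved out of `_logValidationError` into the pre-response handler in lib/server.js and no case here drives a Boom response through that handler. Two cases would pin the new behaviour: one asserting that a `ValidationError` with `output.statusCode` of 400 is neither logged nor reported, and one asserting that the same error at 500 is. The rest of the file is not visible, so this may already be covered elsewhere. `_logValidationError` appears to still be exported and now reports whatever it is handed, so moving the condition into a small helper, for example `isResponseValidationError(response)`, would let these tests call it directly and keep the filter next to the reporting call.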
