From f5396cbe81b34442e2850bcf64631febf22db54b Mon Sep 17 00:00:00 2001
From: Ivo Plamenac
Date: Thu, 15 Jun 2023 12:36:22 -0700
Subject: [PATCH] fix(auth): only Report Response Validation Errors

Because:
* we do not want to be inundated with request validation errors that are outside of our control
This commit:
* updates the reporting logic to only report response validation errors for all environments
Closes #FXA-7664
---
 packages/fxa-auth-server/lib/server.js | 20 +++++++++++++------
 packages/fxa-auth-server/test/local/server.js | 17 +--------------
 2 files changed, 15 insertions(+), 22 deletions(-)

diff --git a/packages/fxa-auth-server/lib/server.js b/packages/fxa-auth-server/lib/server.js
index f8135177629..71985648cac 100644
--- a/packages/fxa-auth-server/lib/server.js
+++ b/packages/fxa-auth-server/lib/server.js
@@ -43,10 +43,6 @@ function trimLocale(header) {
 }
 function logValidationError(response, log) {
- if (response?.__proto__.name !== 'ValidationError') {
- return;
- }
-
 log.error('server.ValidationError', response);
 reportValidationError(response.stack, response);
 }
@@ -316,9 +312,21 @@ async function create(log, error, config, routes, db, statsd) {
 let response = request.response;
 if (response.isBoom) {
 logEndpointErrors(response, log);
- logValidationError(response, log);
+
+ // Do not log errors that either aren't a validation error or have a status code below 500
+ // ValidationError that are 4xx status are request validation errors
+ if (
+ response?.__proto__.name === 'ValidationError' &&
+ response.output &&
+ response.output.statusCode >= 500
+ ) {
+ logValidationError(response, log);
+ }
+
 response = error.translate(request, response);
- response.backtrace(request.app.traced);
+ if (config.env !== 'prod') {
+ response.backtrace(request.app.traced);
+ }
 }
 response.header('Timestamp', `${Math.floor(Date.now() / 1000)}`);
 return response;
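Review bot: The new `config.env !== 'prod'` guard around `response.backtrace(request.app.traced)` in the second hunk (inside `create`) is a denylist, so any environment whose name is not exactly `'prod'` (a staging deployment, a misspelt or unset value) still gets the trace attached to the error response. The test hunk that drops `log: undefined` from the expected body suggests backtrace() writes into the client-visible payload, so an allowlist of the environments meant to see traces would fail closed, e.g. `if (config.env === 'dev') {` with the name taken from the config schema. The commit message does not mention this gate, and the test changes visible here add no case for it. Separately, with the type guard removed in the first hunk, `logValidationError` now logs and reports whatever it is handed, so the inlined `statusCode >= 500` condition is the only filter and it is also untested here; a one-line comment on the function such as `// Caller must filter: every response passed in is logged and reported.` would make that contract visible. The body of `create` starts and ends outside the hunk.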
diff --git a/packages/fxa-auth-server/test/local/server.js b/packages/fxa-auth-server/test/local/server.js
index 0c331a9cefd..f6b73b3b619 100644
--- a/packages/fxa-auth-server/test/local/server.js
+++ b/packages/fxa-auth-server/test/local/server.js
@@ -77,7 +77,7 @@ describe('lib/server', () => {
 describe('logValidationError', () => {
 const msg = 'Invalid response payload';
- let response = {
+ const response = {
 __proto__: {
 name: 'ValidationError',
 },
@@ -110,20 +110,6 @@ describe('lib/server', () => {
 response
 );
 });
-
- it('does not log or report other types of errors', () => {
- response = {
- __proto__: {
- name: 'OtherError',
- },
- };
- const mockLog = {
- error: sinon.stub(),
- };
- server._logValidationError(response, mockLog);
- sinon.assert.notCalled(mockLog.error);
- sinon.assert.notCalled(mockReportValidationError);
- });
 });
 describe('set up mocks:', () => {
@@ -606,7 +592,6 @@ describe('lib/server', () => {
 errno: 125,
 error: 'Request blocked',
 info: 'https://mozilla.github.io/ecosystem-platform/api#section/Response-format',
- log: undefined,
 message: 'The request was blocked for security reasons',
 };
 beforeEach(() => {