Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: auth error handling noise #3666

Merged
merged 10 commits into from
May 23, 2024
Merged

fix: auth error handling noise #3666

merged 10 commits into from
May 23, 2024

Conversation

wmoussa-gc
Copy link
Contributor

@wmoussa-gc wmoussa-gc commented May 17, 2024
edited

Summary | Résumé

Fixes #3657 (The new version of NextAuth throws an error for any bad login attempt. This affects the MFA section)

This PR fine-tunes the AuthJs logger customization.
It also fixes a flaky test.

@github-actions GitHub Actions
Copy link
Contributor

🧪 Review environment

https://uedjhcfmmzotxpoaeldutnl5iy0bwnko.lambda-url.ca-central-1.on.aws/

wmoussa-gc
wmoussa-gc commented May 21, 2024
View reviewed changes
lib/nagware.ts
@@ -30,7 +30,7 @@ export async function detectOldUnprocessedSubmissions(
const diffMs = Math.abs(currentDate - current.createdAt);

// 86400000 milliseconds = 1 Day
const diffDays = Math.ceil(diffMs / 86400000);
const diffDays = Math.floor(diffMs / 86400000);
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is to solve for a flaky test: nagware.test.ts.

A quick test case simulation shows that using Date.now in the test and Date.now later in the app code creates a tiny delta that is amplified by Math.ceil.

image

@wmoussa-gc wmoussa-gc marked this pull request as ready for review May 21, 2024 16:42
@bryan-robitaille
Copy link
Contributor

Completely removing the logger configuration for error does have some consequences that we'll need to handle before merging. Removing the configuration block results in any Errors that are thrown in Next-Auth, including in our custom code in Callbacks and Events, to not be logged. If there are any issues with our backend services while creating the JWT or Session and logging the events of sign in or sign out, the errors will not be logged and we would not be advised of any possible issues.

@wmoussa-gc
Copy link
Contributor Author

wmoussa-gc commented May 21, 2024
edited

Removing the configuration block results in any Errors that are thrown in Next-Auth, including in our custom code in Callbacks and Events, to not be logged

But this comment assumes we are not catching auth errors or any unhandled errors anywhere in the application. Do you mean a different format of error logging that we might be missing?

Keep in mind, AuthJs should not be swallowing the errors thrown by the framework. The logger configuration is optional and is usually enabled if we want to treat auth logs differently from the rest of the application.

@bryan-robitaille
Copy link
Contributor

Keep in mind, AuthJs should not be swallowing the errors thrown by the framework.

In testing I threw errors in the callbacks and events and they did not bubble up. This is because the error() {} swallows the errors because the property is defined. If the error() is not in the configuration I assume the credential Errors will also be thrown as an unhandled error?

wmoussa-gc
wmoussa-gc commented May 22, 2024
View reviewed changes
lib/auth/nextAuth.ts
@@ -175,11 +174,14 @@ export const {
// account is only available on the first call to the JWT function
if (account?.provider) {
if (!token.email) {
throw new Error(`JWT token does not have an email for user with name ${token.name}`);
logMessage.error(`JWT token does not have an email for user with name ${token.name}`);
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Logs example when in production:

{"level":"error","time":1716406719058,"msg":"JWT token does not have an email for user with name Wissam Moussa"}
{"level":"error","time":1716406719058,"msg":"NextAuth error: {\"name\":\"s\",\"type\":\"CallbackRouteError\",\"kind\":\"error\",\"message\":\"Read more at https://errors.authjs.dev#callbackrouteerror\"}."}

bryan-robitaille
bryan-robitaille approved these changes May 23, 2024
View reviewed changes
Copy link
Contributor

@bryan-robitaille bryan-robitaille left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@wmoussa-gc wmoussa-gc enabled auto-merge (squash) May 23, 2024 14:40
@wmoussa-gc wmoussa-gc merged commit 0798684 into develop May 23, 2024
13 checks passed
@wmoussa-gc wmoussa-gc deleted the nextauth-error-handling branch May 23, 2024 14:47
@sre-read-write sre-read-write bot mentioned this pull request Jun 10, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bryan-robitaille bryan-robitaille bryan-robitaille approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Next Auth creating unnecessary errors
2 participants
@wmoussa-gc @bryan-robitaille