-
Notifications
You must be signed in to change notification settings - Fork 964
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(api): mask db related errors #4967
fix(api): mask db related errors #4967
Conversation
✅ Deploy Preview for redwoodjs-docs canceled.
|
44606a5
to
fc8145a
Compare
Thanks @alicelovescake - this appears to cover one of the cases described in #4679 where an dbAuth db error info can get leaked. |
@alicelovescake Oh, I just realized that this is the framework and the app -- I realized that, too, when I wrote up that issue but forgot. You're right. Console is the only way to go. Sorry about that. |
no worries! You are probably juggling a million tickets and issues. Appreciate you taking a look at this one. Let me know anything else you recommend I should do get get this PR ready to merge! |
Should we consider different naming for Are there other dbauth-related errors? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is an amazing PR and description (as always) @alicelovescake
I like the GenericError name too @dthyresson!
I assume there's already a test case for what it displays with GenericError on the frontend?
Thanks for the feedback @dac09! I added 3 tests in the I know you already approved but I just want to resolve any questions before I merge! |
I think your tests are fine @alicelovescake - I was just checking if we had additional tests for custom login or signup error messages - and we do! I've also manually verified on Gitpod that the messages do come through! |
Looks like the smoke test is failing consistently (nothing you did @alicelovescake!); and it seems to be the same as this issue that was just reported: #5104. |
tldr;
This PR fixes the issue where errors caused by serverless functions can leak sensitive information
Changes made
packages/api/src/functions/dbAuth/errors.ts
packages/api/src/functions/dbAuth/DbAuthHandler.ts
in case of invalid clientOpen to lots of feedback! Happy to iterate on the approach or verbiage of the generic error we want to show to user
closes #4679