[Rust] update_registration_flow error handling #331

Open
4 of 5 tasks
fraschm1998 opened this issue Feb 17, 2024 · 1 comment
Labels
bug Something is not working.

Comments

fraschm1998 commented Feb 17, 2024

Preflight checklist

Ory Network Project

No response

Describe the bug

UpdateRegistrationFlow ResponseContent.entity returns a different empty status compared to ResponseContent.statuscode. ErrorBrowserLocationChangeRequired always returns None:

pub struct ResponseContent<T> {
    pub status: StatusCode,
    pub content: String,
    pub entity: Option<T>,
}

ResponseContent {
    status: 400,
    content: "{\"id\":\"523d1fbe-ea1c-41f5-9668-ea5f2e835e77\",\"oauth2_login_challenge\":null,\"type\":\"browser\",\"expires_at\":\"2024-02-17T20:32:11.599968Z\",\"issue
d_at\":\"2024-02-17T20:22:11.599968Z\",\"request_url\":\"http://127.0.0.1:4433/self-service/registration/browser\",\"ui\":{\"action\":\"http://127.0.0.1:4455/.ory/kratos/
public/self-service/registration?flow=523d1fbe-ea1c-41f5-9668-ea5f2e835e77\",\"method\":\"POST\",\"nodes\":[{\"type\":\"input\",\"group\":\"default\",\"attributes\":{\"na
me\":\"csrf_token\",\"type\":\"hidden\",\"value\":\"lHGdy8Jg7U2bc4Zj8LSvvi953WxVSvOPOwDlzQt6A1IU5LcDNs1TeTmCPbgRgepwTonOjLUALwkP3kfbpxe4wQ==\",\"required\":true,\"disable
d\":false,\"node_type\":\"input\"},\"messages\":[],\"meta\":{}},{\"type\":\"input\",\"group\":\"password\",\"attributes\":{\"name\":\"traits.email\",\"type\":\"email\",\"
value\":\"[email protected]\",\"required\":true,\"autocomplete\":\"email\",\"disabled\":false,\"node_type\":\"input\"},\"messages\":[],\"meta\":{\"label\":{\"id\":107
0002,\"text\":\"E-Mail\",\"type\":\"info\"}}},{\"type\":\"input\",\"group\":\"password\",\"attributes\":{\"name\":\"password\",\"type\":\"password\",\"required\":true,\"a
utocomplete\":\"new-password\",\"disabled\":false,\"node_type\":\"input\"},\"messages\":[{\"id\":4000005,\"text\":\"The password can not be used because the password has 
been found in data breaches and must no longer be used.\",\"type\":\"error\",\"context\":{\"reason\":\"the password has been found in data breaches and must no longer be 
used\"}}],\"meta\":{\"label\":{\"id\":1070001,\"text\":\"Password\",\"type\":\"info\"}}},{\"type\":\"input\",\"group\":\"password\",\"attributes\":{\"name\":\"traits.name
.first\",\"type\":\"text\",\"value\":\"adsasd\",\"disabled\":false,\"node_type\":\"input\"},\"messages\":[],\"meta\":{\"label\":{\"id\":1070002,\"text\":\"First Name\",\"
type\":\"info\"}}},{\"type\":\"input\",\"group\":\"password\",\"attributes\":{\"name\":\"traits.name.last\",\"type\":\"text\",\"value\":\"asdasd\",\"disabled\":false,\"no
de_type\":\"input\"},\"messages\":[],\"meta\":{\"label\":{\"id\":1070002,\"text\":\"Last Name\",\"type\":\"info\"}}},{\"type\":\"input\",\"group\":\"password\",\"attribut
es\":{\"name\":\"method\",\"type\":\"submit\",\"value\":\"password\",\"disabled\":false,\"node_type\":\"input\"},\"messages\":[],\"meta\":{\"label\":{\"id\":1040001,\"tex
t\":\"Sign up\",\"type\":\"info\",\"context\":{}}}}]}}\n",                                                                                                                
    entity: Some(
        Status422(
            ErrorBrowserLocationChangeRequired {
                error: None,
                redirect_browser_to: None,
            },
        ),
    ),
}

Reproducing the bug

Make a post request with an already registered email address.

Relevant log output

No response

Relevant configuration

No response

Version

ory-client 1.6.1 with latest docker container

On which operating system are you observing this issue?

Linux

In which environment are you deploying?

Docker Compose

Additional Context

No response


Jeremiah-Griffin commented Feb 27, 2024

Despite what the return value says, your login may be successful: if the error is successful, following the link returned in the action field of the JSON object will supply the session and user data. Additionally, you can strip the flow ID from the ?flow= parameter of the URL:

\"action\":\"http://127.0.0.1:4455/.ory/kratos/
public/self-service/registration?flow=523d1fbe-ea1c-41f5-9668-ea5f2e835e77

A few notes for posterity:

  • If you're building an SPA, the docs say to never redirect to the "BrowserRedirect" link.
  • The API will request a redirect even if you request a native flow, in which case it knows you don't have a browser to redirect. You have to query the redirect endpoint regardless. Likewise, if you ever introduce a native/API flow, you still have to initiate and submit a flow ID despite what the documentation says; it should be treated identically to a browser, with the exception of the token type the API returns.
  • The status 422 error is returned even when the login is successful. If your login is a failure, to the best of my recollection you will still get the 422 error, but the error field will switch from None to a string description of the error that should be viewed by the user. If you're doing automatic backoff, logging, etc., you should be sure to adjust your predicates to distinguish between a successful 422 error and an erroneous 422 error. However, since it's not documented whether this endpoint can emit a 422: unprocessable content, I would advise against handling it as a general case.

Some of this is probably wrong. The API's use of 422 is really poorly documented - for example, the documentation explicitly states that a 422 should not be returned on success... yet it does. Likewise, native flows aren't supposed to return 422 at all, but they do 🤷

You shouldn't trust what the docs say or what the api returns, but instead either search the identities using the admin api or the ory console.
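
An added example, not part of either comment and not ory-client code: one way to write the predicates discussed above so that a `Status422` entity is acted on only when the HTTP status is also 422, plus extraction of the flow ID from the `?flow=` parameter. `Entity`, `Response`, `Outcome`, `classify` and `flow_id` are hypothetical local names, and `error` is simplified to a plain string.

```rust
// Added example: local mirrors of the shapes printed in this issue, not ory-client's types.
#[derive(Debug, PartialEq)]
pub enum Entity {
    // Assumption: `error` simplified to a plain string.
    Status422 { error: Option<String>, redirect_browser_to: Option<String> },
    Other,
}
pub struct Response { pub status: u16, pub content: String, pub entity: Option<Entity> }

#[derive(Debug, PartialEq)]
pub enum Outcome {
    EntityMismatch { status: u16 }, // entity contradicts HTTP status: read `content` instead
    Redirect(String),
    Rejected(String),
    Unverified, // 422 with neither field set: confirm the identity via the admin API
    Other(u16),
}

pub fn classify(r: &Response) -> Outcome {
    match (&r.entity, r.status) {
        (Some(Entity::Status422 { error: Some(e), .. }), 422) => Outcome::Rejected(e.clone()),
        (Some(Entity::Status422 { redirect_browser_to: Some(u), .. }), 422) => Outcome::Redirect(u.clone()),
        (Some(Entity::Status422 { .. }), 422) => Outcome::Unverified,
        (Some(Entity::Status422 { .. }), s) => Outcome::EntityMismatch { status: s },
        (_, s) => Outcome::Other(s),
    }
}

/// Pull the flow ID out of a `ui.action` URL, accepting only a UUID-shaped value.
pub fn flow_id(action: &str) -> Option<&str> {
    let query = action.split_once('?')?.1.split('#').next()?;
    query
        .split('&')
        .filter_map(|kv| kv.split_once('='))
        .find(|(k, _)| *k == "flow")
        .map(|(_, v)| v)
        .filter(|v| v.len() == 36 && v.chars().all(|c| c.is_ascii_hexdigit() || c == '-'))
}

fn main() {
    // Constructed sample mirroring the issue's output: status 400, entity decoded as Status422.
    let r = Response { status: 400, content: String::new(),
        entity: Some(Entity::Status422 { error: None, redirect_browser_to: None }) };
    println!("{:?} (body bytes: {})", classify(&r), r.content.len());
    let action = "http://127.0.0.1:4455/.ory/kratos/public/self-service/registration?flow=523d1fbe-ea1c-41f5-9668-ea5f2e835e77";
    println!("{:?}", flow_id(action));
}
```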
