add InvalidCredentialsError with language-agnostic code (#15472)

* add InvalidCredentialsError with language-agnostic code and update backend & web logout logic * error.code in API error responses Updated the error handler to serialize responseErr.code as the JSON error field, falling back to responseErr.name when no code is set. * fix(lint): whitespace and missing def * fix(lint): missed one * add InvalidCredentialsError case for bad token Add test verifying that auth middleware throws InvalidCredentialsError with code "invalid_credentials" and correct translated message when the API token is invalid. * fix(test): user fields implicitly required --------- Co-authored-by: Kalista Payne <sabrecat@gmail.com>
2025-12-17 22:57:21 +01:00 · 2025-07-15 09:49:11 -05:00
parent 03c7e9172e
commit f26d2a59ae
5 changed files with 45 additions and 6 deletions
--- a/website/server/libs/errors.js
+++ b/website/server/libs/errors.js
@@ -117,3 +117,27 @@ export class InternalServerError extends CustomError {
    this.message = customMessage || 'An unexpected error occurred.';
  }
 }
+
+/**
+ * @apiDefine InvalidCredentials
+ * @apiError InvalidCredentials The user’s credentials are no longer valid.
+ *
+ * @apiNote
+ *   The 'invalid_credentials' error code is language-agnostic:
+ *   clients should use this code (regardless of locale or translated message)
+ *   to unambiguously trigger a user logout.
+ *
+ * @apiErrorExample Error-Response:
+ *     HTTP/1.1 401 Unauthorized
+ *     {
+ *       "error": "invalid_credentials",
+ *       "message": "There is no account that uses those credentials."
+ *     }
+ */
+export class InvalidCredentialsError extends NotAuthorized {
+  constructor (message) {
+    super(message);
+    this.name = this.constructor.name;
+    this.code = 'invalid_credentials';
+  }
+}