add InvalidCredentialsError with language-agnostic code (#15472)

* add InvalidCredentialsError with language-agnostic code and update backend & web logout logic * error.code in API error responses Updated the error handler to serialize responseErr.code as the JSON error field, falling back to responseErr.name when no code is set. * fix(lint): whitespace and missing def * fix(lint): missed one * add InvalidCredentialsError case for bad token Add test verifying that auth middleware throws InvalidCredentialsError with code "invalid_credentials" and correct translated message when the API token is invalid. * fix(test): user fields implicitly required --------- Co-authored-by: Kalista Payne <sabrecat@gmail.com>
2025-12-17 22:57:21 +01:00 · 2025-07-15 09:49:11 -05:00
parent 03c7e9172e
commit f26d2a59ae
5 changed files with 45 additions and 6 deletions
--- a/website/server/middlewares/auth.js
+++ b/website/server/middlewares/auth.js
@@ -2,6 +2,7 @@ import moment from 'moment';
 import nconf from 'nconf';
 import url from 'url';
 import {
+  InvalidCredentialsError,
  NotAuthorized,
 } from '../libs/errors';
 import {
@@ -81,7 +82,7 @@ export function authWithHeaders (options = {}) {
      .exec()
      .then(user => {
        if (!user || apiToken !== user.apiToken) {
-          throw new NotAuthorized(res.t('invalidCredentials'));
+          throw new InvalidCredentialsError(res.t('invalidCredentials'));
        }

        if (user.auth.blocked) {