ory/sdk

[Rust] update_registration_flow error handling

Opened this issue · 1 comments

Preflight checklist

Ory Network Project

No response

Describe the bug

UpdateRegistrationFlow ResponseContent.entity returns a different empty status compared to ResponseContent.statuscode. ErrorBrowserLocationChangeRequired always returns None:

pub struct ResponseContent<T> {
    pub status: StatusCode,
    pub content: String,
    pub entity: Option<T>,
}

ResponseContent {
    status: 400,
    content: "{\"id\":\"523d1fbe-ea1c-41f5-9668-ea5f2e835e77\",\"oauth2_login_challenge\":null,\"type\":\"browser\",\"expires_at\":\"2024-02-17T20:32:11.599968Z\",\"issued_at\":\"2024-02-17T20:22:11.599968Z\",\"request_url\":\"http://127.0.0.1:4433/self-service/registration/browser\",\"ui\":{\"action\":\"http://127.0.0.1:4455/.ory/kratos/public/self-service/registration?flow=523d1fbe-ea1c-41f5-9668-ea5f2e835e77\",\"method\":\"POST\",\"nodes\":[{\"type\":\"input\",\"group\":\"default\",\"attributes\":{\"name\":\"csrf_token\",\"type\":\"hidden\",\"value\":\"lHGdy8Jg7U2bc4Zj8LSvvi953WxVSvOPOwDlzQt6A1IU5LcDNs1TeTmCPbgRgepwTonOjLUALwkP3kfbpxe4wQ==\",\"required\":true,\"disabled\":false,\"node_type\":\"input\"},\"messages\":[],\"meta\":{}},{\"type\":\"input\",\"group\":\"password\",\"attributes\":{\"name\":\"traits.email\",\"type\":\"email\",\"value\":\"test@example.com\",\"required\":true,\"autocomplete\":\"email\",\"disabled\":false,\"node_type\":\"input\"},\"messages\":[],\"meta\":{\"label\":{\"id\":1070002,\"text\":\"E-Mail\",\"type\":\"info\"}}},{\"type\":\"input\",\"group\":\"password\",\"attributes\":{\"name\":\"password\",\"type\":\"password\",\"required\":true,\"autocomplete\":\"new-password\",\"disabled\":false,\"node_type\":\"input\"},\"messages\":[{\"id\":4000005,\"text\":\"The password can not be used because the password has been found in data breaches and must no longer be used.\",\"type\":\"error\",\"context\":{\"reason\":\"the password has been found in data breaches and must no longer be used\"}}],\"meta\":{\"label\":{\"id\":1070001,\"text\":\"Password\",\"type\":\"info\"}}},{\"type\":\"input\",\"group\":\"password\",\"attributes\":{\"name\":\"traits.name.first\",\"type\":\"text\",\"value\":\"adsasd\",\"disabled\":false,\"node_type\":\"input\"},\"messages\":[],\"meta\":{\"label\":{\"id\":1070002,\"text\":\"First Name\",\"type\":\"info\"}}},{\"type\":\"input\",\"group\":\"password\",\"attributes\":{\"name\":\"traits.name.last\",\"type\":\"text\",\"value\":\"asdasd\",\"disabled\":false,\"node_type\":\"input\"},\"messages\":[],\"meta\":{\"label\":{\"id\":1070002,\"text\":\"Last Name\",\"type\":\"info\"}}},{\"type\":\"input\",\"group\":\"password\",\"attributes\":{\"name\":\"method\",\"type\":\"submit\",\"value\":\"password\",\"disabled\":false,\"node_type\":\"input\"},\"messages\":[],\"meta\":{\"label\":{\"id\":1040001,\"text\":\"Sign up\",\"type\":\"info\",\"context\":{}}}}]}}\n",
    entity: Some(
        Status422(
            ErrorBrowserLocationChangeRequired {
                error: None,
                redirect_browser_to: None,
            },
        ),
    ),
}

Reproducing the bug

Make a post request with an already registered email address.

Relevant log output

No response

Relevant configuration

No response

Version

ory-client 1.6.1 with latest docker container

On which operating system are you observing this issue?

Linux

In which environment are you deploying?

Docker Compose

Additional Context

No response

Despite what the return value says, your login may be successful: If the error is successful, following the link returned in the action field of the JSON object will supply the session and user data. Additionally, you can strip the flow id from the ?flow= parameter of the URL:

\"action\":\"http://127.0.0.1:4455/.ory/kratos/public/self-service/registration?flow=523d1fbe-ea1c-41f5-9668-ea5f2e835e77

A few notes for posterity:

  • If you're building an SPA, the docs say to never redirect to the "BrowserRedirect" link
  • The API will request a redirect even if you request a native flow, in which case it knows you don't have a browser to redirect. You have to query the redirect endpoint regardless. Likewise, if ever you introduce a native/API flow, you still have to initiate and submit a flow ID despite what the documentation says; it should be treated identically to a browser with the exception of the token type the API returns.
  • The status 422 error is returned even when the login is successful. If your login is a failure, to the best of my recollection you will still get the 422 error, but the error field will switch from none to a string description of the error that should be viewed by the user. If you're doing automatic backoff, logging, etc., you should be sure to adjust your predicates to distinguish between a successful 422 error and an erroneous 422 error. However, since it's not documented whether this endpoint can emit a 422: unprocessable content, I would advise against handling it as a general case.

Some of this is probably wrong. The API's use of 422 is really poorly documented - for example, the documentation explicitly states that a 422 should not be returned on success... yet it does. Likewise, native flows aren't supposed to return 422 at all, but they do 🤷

You shouldn't trust what the docs say or what the api returns, but instead either search the identities using the admin api or the ory console.
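
Added example, not part of the issue or the comment above and not ory-client code: a way to classify the response by `status` first, so that a `Status422` entity with both fields `None` on a 400 response (the case reported) is never mistaken for a redirect. The types are stand-ins shaped like the dump in the issue, `error` is simplified to a `String`, the `Outcome` enum and `classify` are hypothetical names, and the 422 split follows the comment's recollection of how the `error` field behaves.

```rust
// Stand-in types mirroring the shapes printed in the issue. They are not the
// ory-client definitions; `error` is simplified to a String (assumption).
#[derive(Debug, PartialEq)]
pub struct ErrorBrowserLocationChangeRequired {
    pub error: Option<String>,
    pub redirect_browser_to: Option<String>,
}
#[derive(Debug, PartialEq)]
pub enum RegistrationError {
    Status422(ErrorBrowserLocationChangeRequired),
}
pub struct ResponseContent<T> {
    pub status: u16,
    pub content: String,
    pub entity: Option<T>,
}
#[derive(Debug, PartialEq)]
pub enum Outcome {
    FlowReturned(String), // 400: body is the flow; its ui.nodes carry the messages
    Redirect(String),     // 422 with a redirect target and no error
    Failed(String),       // 422 with an error description
    Inconsistent(u16),    // nothing usable: log it and verify out of band
}

/// Classify by HTTP status first; read `entity` only when it agrees with it.
pub fn classify(resp: &ResponseContent<RegistrationError>) -> Outcome {
    match (resp.status, &resp.entity) {
        // The case in the issue: status 400 while `entity` claims Status422.
        (400, _) => Outcome::FlowReturned(resp.content.clone()),
        (422, Some(RegistrationError::Status422(e))) => match (&e.error, &e.redirect_browser_to) {
            (Some(msg), _) => Outcome::Failed(msg.clone()),
            (None, Some(url)) => Outcome::Redirect(url.clone()),
            (None, None) => Outcome::Inconsistent(422),
        },
        (code, _) => Outcome::Inconsistent(code),
    }
}

fn main() {
    // Constructed input shaped like the dump in the issue (body shortened).
    let empty = ErrorBrowserLocationChangeRequired { error: None, redirect_browser_to: None };
    let resp = ResponseContent {
        status: 400,
        content: String::from("{\"id\":\"<flow-id>\",\"type\":\"browser\"}"),
        entity: Some(RegistrationError::Status422(empty)),
    };
    println!("{:?}", classify(&resp));
}
```

`FlowReturned` hands back the raw body so the caller can parse the flow's `ui.nodes[].messages` with a JSON library of its choice.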