Forms-801_improving_api_error_messaging

bcgov · Jul 13, 2023 · 56e90ea · 56e90ea
2 parents 5e828e9 + 3c0eb5e
commit 56e90ea
Show file tree

Hide file tree

Showing 2 changed files with 187 additions and 167 deletions.
diff --git a/app/src/forms/auth/middleware/apiAccess.js b/app/src/forms/auth/middleware/apiAccess.js
@@ -6,45 +6,49 @@ const formService = require('../../form/service');
 const submissionService = require('../../submission/service');
 
 module.exports = async (req, res, next) => {
-  // Check if authorization header is basic auth
-  if (req.headers && req.headers.authorization && req.headers.authorization.startsWith('Basic ')) {
-    // URL params should override query string params of the same attribute
-    const params = { ...req.query, ...req.params };
-
-    // Basic auth is currently only used for form and submission endpoints. Use
-    // the formId if it exists, otherwise fetch the formId from the submission's
-    // form.
-    let formId;
-    if (params.formId) {
-      formId = params.formId;
-    } else if (params.formSubmissionId && uuidValidate(params.formSubmissionId)) {
-      const result = await submissionService.read(params.formSubmissionId);
-      formId = result?.form?.id;
+  try {
+    // Check if authorization header is basic auth
+    if (req.headers && req.headers.authorization && req.headers.authorization.startsWith('Basic ')) {
+      // URL params should override query string params of the same attribute
+      const params = { ...req.query, ...req.params };
+
+      // Basic auth is currently only used for form and submission endpoints. Use
+      // the formId if it exists, otherwise fetch the formId from the submission's
+      // form.
+      let formId;
+      if (params.formId) {
+        formId = params.formId;
+      } else if (params.formSubmissionId && uuidValidate(params.formSubmissionId)) {
+        const result = await submissionService.read(params.formSubmissionId);
+        formId = result?.form?.id;
+      }
+
+      let secret = ''; // Must be initialized as a string
+
+      if (formId && uuidValidate(formId)) {
+        const result = await formService.readApiKey(formId);
+        secret = result && result.secret ? result.secret : '';
+      }
+
+      const checkCredentials = basicAuth({
+        // Must be a synchronous function
+        authorizer: (username, password) => {
+          const userMatch = formId && basicAuth.safeCompare(username, formId);
+          const pwMatch = secret && basicAuth.safeCompare(password, secret);
+
+          req.apiUser = userMatch & pwMatch; // Flag current request as an API entity
+          return req.apiUser;
+        },
+        unauthorizedResponse: () => {
+          return new Problem(401, { detail: 'Invalid authorization credentials.' });
+        },
+      });
+
+      return checkCredentials(req, res, next);
+    } else {
+      next();
     }
-
-    let secret = ''; // Must be initialized as a string
-
-    if (formId && uuidValidate(formId)) {
-      const result = await formService.readApiKey(formId);
-      secret = result && result.secret ? result.secret : '';
-    }
-
-    const checkCredentials = basicAuth({
-      // Must be a synchronous function
-      authorizer: (username, password) => {
-        const userMatch = formId && basicAuth.safeCompare(username, formId);
-        const pwMatch = secret && basicAuth.safeCompare(password, secret);
-
-        req.apiUser = userMatch & pwMatch; // Flag current request as an API entity
-        return req.apiUser;
-      },
-      unauthorizedResponse: () => {
-        return new Problem(401, { detail: 'Invalid authorization credentials.' });
-      },
-    });
-
-    return checkCredentials(req, res, next);
-  } else {
-    next();
+  } catch (error) {
+    next(error);
   }
 };