Add error handling to identity accounts controller (#1909)

2025-02-16 01:51:21 +01:00 · 2022-03-14 20:08:01 -05:00 · 2022-03-14 20:08:01 -05:00 · 9a9c9d4bf6
commit 9a9c9d4bf6
parent 76ddcfa2dc
3 changed files with 95 additions and 1 deletions
--- a/src/Identity/Controllers/AccountsController.cs
+++ b/src/Identity/Controllers/AccountsController.cs
@ -8,12 +8,14 @@ using Bit.Core.Models.Data;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
 using Bit.Core.Utilities;
 using Bit.SharedWeb.Utilities;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Logging;
 namespace Bit.Identity.Controllers
 {
    [Route("accounts")]
    [ExceptionHandlerFilter]
    public class AccountsController : Controller
    {
        private readonly ILogger<AccountsController> _logger;
--- a/src/Identity/Startup.cs
+++ b/src/Identity/Startup.cs
@ -58,7 +58,6 @@ namespace Bit.Identity
            services.AddMemoryCache();
            // Mvc
            // MVC
            services.AddMvc(config =>
            {
                config.Filters.Add(new ModelStateValidationFilterAttribute());
--- a/src/SharedWeb/Utilities/ExceptionHandlerFilterAttribute.cs
+++ b/src/SharedWeb/Utilities/ExceptionHandlerFilterAttribute.cs
@ -0,0 +1,93 @@
 using System;
 using Bit.Core.Exceptions;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.Filters;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
 using Microsoft.Extensions.Logging;
 using Microsoft.IdentityModel.Tokens;
 using Stripe;
 using InternalApi = Bit.Core.Models.Api;
 namespace Bit.SharedWeb.Utilities
 {
    public class ExceptionHandlerFilterAttribute : ExceptionFilterAttribute
    {
        public ExceptionHandlerFilterAttribute()
        {
        }
        public override void OnException(ExceptionContext context)
        {
            var errorMessage = "An error has occurred.";
            var exception = context.Exception;
            if (exception == null)
            {
                // Should never happen.
                return;
            }
            InternalApi.ErrorResponseModel internalErrorModel = null;
            if (exception is BadRequestException badRequestException)
            {
                context.HttpContext.Response.StatusCode = 400;
                if (badRequestException.ModelState != null)
                {
                    internalErrorModel = new InternalApi.ErrorResponseModel(badRequestException.ModelState);
                }
                else
                {
                    errorMessage = badRequestException.Message;
                }
            }
            else if (exception is GatewayException)
            {
                errorMessage = exception.Message;
                context.HttpContext.Response.StatusCode = 400;
            }
            else if (exception is NotSupportedException && !string.IsNullOrWhiteSpace(exception.Message))
            {
                errorMessage = exception.Message;
                context.HttpContext.Response.StatusCode = 400;
            }
            else if (exception is ApplicationException)
            {
                context.HttpContext.Response.StatusCode = 402;
            }
            else if (exception is NotFoundException)
            {
                errorMessage = "Resource not found.";
                context.HttpContext.Response.StatusCode = 404;
            }
            else if (exception is SecurityTokenValidationException)
            {
                errorMessage = "Invalid token.";
                context.HttpContext.Response.StatusCode = 403;
            }
            else if (exception is UnauthorizedAccessException)
            {
                errorMessage = "Unauthorized.";
                context.HttpContext.Response.StatusCode = 401;
            }
            else
            {
                var logger = context.HttpContext.RequestServices.GetRequiredService<ILogger<ExceptionHandlerFilterAttribute>>();
                logger.LogError(0, exception, exception.Message);
                errorMessage = "An unhandled server error has occurred.";
                context.HttpContext.Response.StatusCode = 500;
            }
            var errorModel = internalErrorModel ?? new InternalApi.ErrorResponseModel(errorMessage);
            var env = context.HttpContext.RequestServices.GetRequiredService<IWebHostEnvironment>();
            if (env.IsDevelopment())
            {
                errorModel.ExceptionMessage = exception.Message;
                errorModel.ExceptionStackTrace = exception.StackTrace;
                errorModel.InnerExceptionMessage = exception?.InnerException?.Message;
            }
            context.Result = new ObjectResult(errorModel);
        }
    }
 }