kuzzle
kuzzle copied to clipboard
Error throwing in plugin auth strategy cause inconsistency
Hello,
implementing my own custom strategy, if any error is thrown in the create
hook, the user will still be created in ES.
const request = new this.context.constructors.Request({
action: "createUser",
body: {
content: {
profileIds: ["default"],
...user,
},
credentials: {
SSO: {
id: user!.id,
},
},
},
controller: "security",
refresh: "wait_for",
});
return this.context.accessors.execute(request);
This is correctly returning an error, however, the problem is about the fact that the user is created. It shouldn't.
I think there should be some kind of rollback that prevent user creation if all plugin middleware doesn't return a positive acknowledge.
Also an example of my create hook
async create(request: any, credentials: any, kuid: string) {
if (!credentials.id) {
return Promise.reject(new this.context.errors.BadRequestError("SSO ID needed"));
}
const exists = await this.exists(request, kuid);
if (exists) {
throw new this.context.errors.PreconditionError(`SSO credentials already exists for user "${kuid}".`);
}
const createdDocument = await this.ssoRepository.create(
{
id: credentials.id,
kuid,
},
{ refresh: "wait_for" },
);
return createdDocument;
}