[Bug]: Passwordless API errors with a 500 if non-existent application Id provided #2814

@mooreds

What happened?

When I ran a sample passwordless login script with an applicationId that did not exist, FusionAuth returned a 500.

API_KEY=VALID_SANDBOX_API_KEY
REQUEST_PAYLOAD='
{
  "applicationId": "10000000-0000-0002-0000-000000000001",
  "loginId": "jared@piedpiper.com",
  "state": {
    "client_id": "10000000-0000-0002-0000-000000000001",
    "redirect_uri": "https://piedpiper.com/callback",
    "response_type": "code",
    "scope": "openid",
    "state": "CSRF123"
  }
}
'
curl -v -H "Content-type: application/json" -H "Authorization: $API_KEY" https://sandbox.fusionauth.io/api/passwordless/start -d "$REQUEST_PAYLOAD"

Here's an excerpt of the curl response:

* [HTTP/2] [1] [content-length: 303]
> POST /api/passwordless/start HTTP/2
> Host: sandbox.fusionauth.io
> User-Agent: curl/8.6.0
> Accept: */*
> Content-type: application/json
> Authorization: 90d8fb62-6f13-47d4-8ef6-1c3e687883c6
> Content-Length: 303
> 
< HTTP/2 500 
< date: Tue, 23 Jul 2024 22:44:07 GMT
< content-type: application/json; charset=UTF-8
< cache-control: no-store

Here's the output from the system log file:

2024-07-23 10:44:07.266 PM ERROR io.fusionauth.app.primeframework.error.ExceptionExceptionHandler - An unhandled exception was thrown
io.fusionauth.app.primeframework.exceptions.FusionAuthMissingFormatArgumentException: Failed to format message [[invalid]applicationId]. Cause: Format specifier '%s'
	at io.fusionauth.app.service.FrontEndSupport.addFieldError(FrontEndSupport.java:214)
	at io.fusionauth.app.service.FrontEndSupport.lambda$transfer$1(FrontEndSupport.java:686)
	at java.base/java.lang.Iterable.forEach(Iterable.java:75)
	at io.fusionauth.app.service.FrontEndSupport.lambda$transfer$2(FrontEndSupport.java:686)
	at java.base/java.util.LinkedHashMap.forEach(LinkedHashMap.java:721)
	at io.fusionauth.app.service.FrontEndSupport.transfer(FrontEndSupport.java:686)
	at io.fusionauth.app.action.api.passwordless.StartAction.validate(StartAction.java:57)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:568)
	at org.primeframework.mvc.util.ReflectionUtils.invoke(ReflectionUtils.java:443)
	at org.primeframework.mvc.validation.DefaultValidationProcessor.validate(DefaultValidationProcessor.java:77)
	at org.primeframework.mvc.validation.DefaultValidationWorkflow.perform(DefaultValidationWorkflow.java:44)
	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
	at org.primeframework.mvc.security.DefaultSecurityWorkflow.perform(DefaultSecurityWorkflow.java:79)
	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
	at org.primeframework.mvc.parameter.DefaultPostParameterWorkflow.perform(DefaultPostParameterWorkflow.java:49)
	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
	at org.primeframework.mvc.content.DefaultContentWorkflow.perform(DefaultContentWorkflow.java:74)
	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
	at org.primeframework.mvc.parameter.DefaultParameterWorkflow.perform(DefaultParameterWorkflow.java:58)
	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
	at org.primeframework.mvc.parameter.DefaultURIParameterWorkflow.perform(DefaultURIParameterWorkflow.java:92)
	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
	at org.primeframework.mvc.scope.DefaultScopeRetrievalWorkflow.perform(DefaultScopeRetrievalWorkflow.java:50)
	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
	at org.primeframework.mvc.action.DefaultActionMappingWorkflow.perform(DefaultActionMappingWorkflow.java:119)
	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
	at org.primeframework.mvc.security.DefaultSavedRequestWorkflow.perform(DefaultSavedRequestWorkflow.java:65)
	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
	at org.primeframework.mvc.cors.CORSRequestWorkflow.perform(CORSRequestWorkflow.java:65)
	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
	at org.primeframework.mvc.workflow.DefaultMVCWorkflow.perform(DefaultMVCWorkflow.java:108)
	at org.primeframework.mvc.PrimeMVCRequestHandler.handle(PrimeMVCRequestHandler.java:73)
	at io.fusionauth.http.server.HTTPWorker.run(HTTPWorker.java:50)
	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
	at java.base/java.lang.Thread.run(Thread.java:833)
Caused by: java.util.MissingFormatArgumentException: Format specifier '%s'
	at java.base/java.util.Formatter.format(Formatter.java:2688)
	at org.primeframework.mvc.message.l10n.ResourceBundleMessageProvider.getOptionalMessage(ResourceBundleMessageProvider.java:103)
	at org.primeframework.mvc.message.l10n.ResourceBundleMessageProvider.getMessage(ResourceBundleMessageProvider.java:76)
	at io.fusionauth.app.service.FrontEndSupport.addFieldError(FrontEndSupport.java:211)
	... 40 common frames omitted

If I try the same message with a valid application but with passwordless functionality disabled, I get a 400, which is expected.

Version

1.51.2

Affects Versions

No response

Labels: bug (Something isn't working)

Status: Delivered
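The stack trace in the report shows a message template containing a `%s` specifier being formatted without an argument, which turns a validation error into an unhandled exception and a 500. The following is an added example, not FusionAuth or Prime MVC code, showing that failure next to a formatter that degrades to the bare error code so the caller can still answer with a 400; the class, the method names and the message text are hypothetical.

```java
import java.util.IllegalFormatException;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.MissingFormatArgumentException;

// Added illustration: names and message text are hypothetical, not the project's code.
public class FieldErrorFormatting {
  // Constructed message bundle: the template expects exactly one argument.
  static final Map<String, String> BUNDLE = Map.of(
      "[invalid]applicationId", "Invalid applicationId [%s]. No such application exists.");

  // Fragile: if the caller passes no values, String.format throws
  // MissingFormatArgumentException. Unhandled, that becomes an HTTP 500.
  static String formatFragile(String code, Object... values) {
    return String.format(BUNDLE.get(code), values);
  }

  // Hardened: a template/argument mismatch falls back to the error code itself,
  // so validation can still report a field error instead of crashing.
  static String formatSafe(String code, Object... values) {
    String template = BUNDLE.get(code);
    if (template == null) {
      return code;
    }
    try {
      return String.format(template, values);
    } catch (IllegalFormatException e) {
      // Record the broken template server-side; keep the client response a 4xx.
      System.err.println("Bad template for " + code + ": " + e.getMessage());
      return code;
    }
  }

  public static void main(String[] args) {
    String code = "[invalid]applicationId";
    try {
      formatFragile(code);
    } catch (MissingFormatArgumentException e) {
      System.out.println("fragile path would surface as HTTP 500: " + e.getMessage());
    }
    Map<String, String> fieldErrors = new LinkedHashMap<>();
    fieldErrors.put("applicationId", formatSafe(code));
    System.out.println("safe path can return HTTP 400 with: " + fieldErrors);
    System.out.println(formatSafe(code, "10000000-0000-0002-0000-000000000001"));
  }
}
```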