From 3d31d1b934222349afe0d5fb1b52fcfce4520163 Mon Sep 17 00:00:00 2001
From: Thomas Heartman <thomas@getunleash.ai>
Date: Thu, 27 Apr 2023 15:51:37 +0200
Subject: [PATCH] fix: ensure that the owaspvalidationerrors always contain all
 errors (#3638)

## What

This fixes a bug where the owasp validation response that came back from
the server no longer contained all its validation errors. This caused
the UI to slightly break and for the password validation box not to
update correctly.

This is a quick fix (but with tests!). I'm working on a better design
for this on the side, but it seemed pertinent to get this out ASAP.
---
 src/lib/error/api-error.test.ts | 13 +++++++++++++
 src/lib/error/api-error.ts      | 21 ++++++++++++++++++++-
 2 files changed, 33 insertions(+), 1 deletion(-)

diff --git a/src/lib/error/api-error.test.ts b/src/lib/error/api-error.test.ts
index 8077246fd8..ed52fce940 100644
--- a/src/lib/error/api-error.test.ts
+++ b/src/lib/error/api-error.test.ts
@@ -1,3 +1,4 @@
+import owasp from 'owasp-password-strength-test';
 import { ErrorObject } from 'ajv';
 import {
     ApiErrorSchema,
@@ -9,6 +10,7 @@ import {
     UnleashError,
 } from './api-error';
 import BadDataError from './bad-data-error';
+import OwaspValidationError from './owasp-validation-error';
 
 describe('v5 deprecation: backwards compatibility', () => {
     it.each(UnleashApiErrorTypes)(
@@ -320,3 +322,14 @@ describe('OpenAPI error conversion', () => {
         expect(description.includes(illegalValue)).toBeTruthy();
     });
 });
+
+describe('Error serialization special cases', () => {
+    it('OwaspValidationErrors: adds `validationErrors` to `details`', () => {
+        const results = owasp.test('123');
+        const error = new OwaspValidationError(results);
+        const json = fromLegacyError(error).toJSON();
+
+        expect(json.details!![0].message).toBe(results.errors[0]);
+        expect(json.details!![0].validationErrors).toBe(results.errors);
+    });
+});
diff --git a/src/lib/error/api-error.ts b/src/lib/error/api-error.ts
index 70fa805118..028c1307ac 100644
--- a/src/lib/error/api-error.ts
+++ b/src/lib/error/api-error.ts
@@ -1,6 +1,7 @@
 import { v4 as uuidV4 } from 'uuid';
 import { FromSchema } from 'json-schema-to-ts';
 import { ErrorObject } from 'ajv';
+import OwaspValidationError from './owasp-validation-error';
 
 export const UnleashApiErrorTypes = [
     'ContentTypeError',
@@ -14,7 +15,6 @@ export const UnleashApiErrorTypes = [
     'NotFoundError',
     'NotImplementedError',
     'OperationDeniedError',
-    'OwaspValidationError',
     'PasswordMismatch',
     'PasswordMismatchError',
     'PasswordUndefinedError',
@@ -34,6 +34,7 @@ const UnleashApiErrorTypesWithExtraData = [
     'AuthenticationRequired',
     'NoAccessError',
     'InvalidTokenError',
+    'OwaspValidationError',
 ] as const;
 
 const AllUnleashApiErrorTypes = [
@@ -136,6 +137,15 @@ type UnleashErrorData =
                     ...ValidationErrorDescription[],
                 ];
             }
+          | {
+                name: 'OwaspValidationError';
+                details: [
+                    {
+                        validationErrors: string[];
+                        message: string;
+                    },
+                ];
+            }
       );
 
 export class UnleashError extends Error {
@@ -245,6 +255,15 @@ export const fromLegacyError = (e: Error): UnleashError => {
         });
     }
 
+    if (name === 'OwaspValidationError') {
+        return new UnleashError({
+            name,
+            message:
+                'Password validation failed. Refer to the `details` property.',
+            details: (e as OwaspValidationError).toJSON().details,
+        });
+    }
+
     if (name === 'AuthenticationRequired') {
         return new UnleashError({
             name,