Get 500 error on client side but 403 in terminal for the backend

Edwin_Haver · July 5, 2023, 8:00am

I think this is a bug as far as I can see while debugging.

It throws a ValidationError which extends the ApplicationError in plugin-user-permissions > server > controllers > auth.js
Then it is caught in the middleware strapi > lib > middlewares > body.js and re-thrown. Here the error is an instance of Error but I cannot see if it is an instance of ApplicationError or ValidationError as this is not available in body.js.
Then it is caught in the middleware strapi > lib > middlewares > errors.js but here the error is no longer an instance of ApplicationError and therefore the HTTP status is set to 500 in formatInternalError as a catch all status.

I am not sure why the error is not recognized as ApplicationError as I do not understand the code enough. I will raise an issue on GitHub.

Edwin_Haver · July 5, 2023, 8:49am

Issue on GitHub submitted: https://github.com/strapi/strapi/issues/17194

supercede · July 21, 2023, 11:17am

Might be helpful to someone but I suddenly developed this issue when I created a plugin and imported ApplicationError from @strapi/utils - it broke error handling which was previously working perfectly. I was able to fix this issue by explicitly installing @strapi/utils in my project even though it was already in the node_modules folder.

Strapi version 4.6.1

matepaiva · July 21, 2023, 3:58pm

same problem here. dependencies:

"@strapi/strapi": "4.11.7",

branislavballon · August 15, 2023, 10:53am

Same issue using (typescript):

Node: v18.16.1
npm: 9.5.1
OS: node:18-alpine

It looks like errors in https://github.com/strapi/strapi/blob/main/packages/plugins/users-permissions/server/controllers/auth.js are not handled for some reason.

{
// package.json
    "@strapi/plugin-documentation": "4.12.1",
    "@strapi/plugin-i18n": "4.12.1",
    "@strapi/plugin-users-permissions": "4.12.1",
    "@strapi/provider-email-nodemailer": "4.12.1",
    "@strapi/strapi": "4.12.4"
//...
}

Strapi log (for invalid email):

strapi-backend  | [2023-08-15 10:47:15.760] error: Invalid identifier or password
strapi-backend  | ValidationError: Invalid identifier or password
strapi-backend  |     at Object.callback (/opt/node_modules/@strapi/plugin-users-permissions/server/controllers/auth.js:62:15)
strapi-backend  |     at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
strapi-backend  |     at async returnBodyMiddleware (/opt/node_modules/@strapi/strapi/lib/services/server/compose-endpoint.js:52:18)
strapi-backend  |     at async policiesMiddleware (/opt/node_modules/@strapi/strapi/lib/services/server/policy.js:24:5)
strapi-backend  |     at async /opt/node_modules/@strapi/strapi/lib/middlewares/body.js:58:9
strapi-backend  |     at async /opt/node_modules/@strapi/strapi/lib/middlewares/logger.js:9:5
strapi-backend  |     at async /opt/node_modules/@strapi/strapi/lib/middlewares/powered-by.js:16:5
strapi-backend  |     at async cors (/opt/node_modules/@koa/cors/index.js:61:32)
strapi-backend  |     at async /opt/node_modules/@strapi/strapi/lib/middlewares/errors.js:13:7
strapi-backend  |     at async session (/opt/node_modules/koa-session/index.js:41:7)

For invalid password

...
at Object.callback (/opt/node_modules/@strapi/plugin-users-permissions/server/controllers/auth.js:75:15)
...

matepaiva · August 17, 2023, 10:11am

Something really weird is happening with me. I was getting 500 error on client and I couldn’t figure out why.

Then I created a brand-new strapi project and moved all old files to the new project. Magically, it started working again!

That is the second time I do this to fix the same problem, so probably it will happens a third time. I have no clue why reinstalling the project fixes it.

imcbv · January 24, 2024, 6:01pm

I’ll copy the comment I left under the GitHub issue here just in case someone is still struggling with this:

npm install @strapi/utils@[version] did the trick for me.
This should help avoid scenarios where different versions are installed as nested dependencies.

Nicolas_Bernier · March 14, 2024, 12:12pm

Same problem here, but the solution was straightforward.

You must make sure that Strapi and all its dependencies have the exact same version number, otherwise you may end up having several implementations of the same stuff (ie error classes), in which case instructions such as instanceof ApplicationError might fail because the imported ApplicationError class differs from the one that was originally thrown.

The solution is :

Open your package.json and check all your @strapi dependencies have the exact same version number as @strapi/strapi. For example, if you have "@strapi/strapi": "4.10.5", all dependencies should have "4.10.5" as version number.
Delete package-lock.json
Delete node_modules, build and .cache folders
npm i
npm run build

Mishadev · March 18, 2024, 7:57pm

Hi Nicolas!
Do you mind showing an example how you throw an error?

I am trying to throw an error in case 3rd party external API returns anything other than 200, but having same issue as everyone here, only 500 is thrown which isnt my 3rd party error code. I updated packages to same versions as you, 4.10.5 and followed your steps to clear node modules etc, however if I setup a required const for ApplicationError my strapi dev server quits and stops…

Thanks!

Cris_Cirhuza · April 18, 2024, 9:45am

@imcbv you saved my life . thank you a lot for sharing this is useful tip