The LoginAPI is not configured to exit gracefully if an expected variable is not present.
Created attachment 740486 [details] Code in question Can you check to make sure I'm not crazy? Are these API's error-safe?
Attachment #740486 - Flags: review?(ross)
That code snippet looks OK. We're relying a fair bit on Mongoose for the actual data validation so in regards to actual error checks where something isn't found this seems great. Not sure if this comes within the scope of this ticket (not sure if does but it 'might') but at what point do we want to ensure that only the current logged in user or the app are able to access a number of these route? My guess is that's another error - and something that should be handled via a middleware in a new bug but if not, something to consider.
:sedge - in what way is this bug different to this bug https://bugzilla.mozilla.org/show_bug.cgi?id=863746 ?
:booze - Good catch, I think they're similar. The main difference is that the one you linked has more to do with reporting errors, and this bug is more about safe handling of errors. They should probably be the same thing! I'm going to close this one since that makes the third pair of eyes that okayed the code.
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.