Feature: Error handling adjustments

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@corbado/node-sdk",
-  "version": "3.0.0-alpha.0",
+  "version": "3.0.0-alpha.1",
   "description": "This Node.js SDK eases the integration of Corbado's passkey-first authentication solution.",
   "keywords": [
     "passkeys",

src/errors/index.ts

@@ -1,5 +1,6 @@
 import BaseError from './baseError.js';
 import ServerError, { ErrorDetails, RequestData, ServerErrorType } from './serverError.js';
+import ValidationError from './validationError.js';
 import httpStatusCodes from './httpStatusCodes.js';
 
-export { BaseError, ServerError, httpStatusCodes, ErrorDetails, RequestData, ServerErrorType };
+export { BaseError, ServerError, httpStatusCodes, ErrorDetails, RequestData, ServerErrorType, ValidationError };

src/errors/jwtError.ts → src/errors/validationError.ts

@@ -1,18 +1,18 @@
 import BaseError from './baseError';
 import httpStatusCodes from './httpStatusCodes';
 
-export enum JWTErrorNames {
+export enum ValidationErrorNames {
   JWTClaimValidationFailed = 'CLAIM_VALIDATION_FAILED',
   InvalidIssuer = 'INVALID_ISSUER',
   InvalidShortSession = 'INVALID_SHORT_SESSION',
   JWTExpired = 'JWT_EXPIRED',
   JWTInvalid = 'JWT_INVALID',
 }
 
-class JWTError extends BaseError {
-  constructor(name: JWTErrorNames, isOperational: boolean = false) {
+class ValidationError extends BaseError {
+  constructor(name: ValidationErrorNames, isOperational: boolean = false) {
     super(name, httpStatusCodes[name].code, httpStatusCodes[name].description, isOperational);
   }
 }
 
-export default JWTError;
+export default ValidationError;

src/helpers/assert.ts

@@ -73,7 +73,7 @@ class Assert {
     );
 
     validate(
-      parsedUrl.pathname !== '/',
+      parsedUrl.pathname !== '/' && parsedUrl.pathname !== '/v2',
       `${errorName} URL path assertion failed`,
       INVALID_URL.code,
       'path needs to be empty',

src/services/identifierService.ts

@@ -9,7 +9,7 @@ import {
   IdentifiersApi,
   IdentifierList,
 } from '../generated/index.js';
-import { Assert, Helper, isErrorRsp } from '../helpers';
+import { Assert, Helper, isErrorRsp } from '../helpers/index.js';
 import httpStatusCodes from '../errors/httpStatusCodes.js';
 import BaseError from '../errors/baseError.js';
 

src/services/sessionService.ts

@@ -2,7 +2,7 @@
 /* eslint-disable class-methods-use-this */
 import { JWTPayload, jwtVerify, createRemoteJWKSet, errors } from 'jose';
 import { Assert } from '../helpers/index.js';
-import JWTError, { JWTErrorNames } from '../errors/jwtError.js';
+import ValidationError, { ValidationErrorNames } from '../errors/validationError.js';
 import { User, UserStatus } from '../generated/api.js';
 
 export interface SessionInterface {
@@ -43,30 +43,30 @@ class Session implements SessionInterface {
     Assert.notEmptyString(shortSession, 'shortSession not given');
 
     if (shortSession.length < MIN_SHORT_SESSION_LENGTH) {
-      throw new JWTError(JWTErrorNames.InvalidShortSession);
+      throw new ValidationError(ValidationErrorNames.InvalidShortSession);
     }
 
     try {
       const { payload } = await jwtVerify(shortSession, this.jwkSet, { issuer: this.issuer });
 
       const { userID, fullName, status, explicitWebauthnID } = payload as MyJWTPayload;
 
-      if (payload.iss && payload.iss !== this.issuer) {
-        throw new JWTError(JWTErrorNames.InvalidIssuer);
+      if (!payload.iss || payload.iss !== this.issuer) {
+        throw new ValidationError(ValidationErrorNames.InvalidIssuer);
       }
 
       return { userID, fullName, status, explicitWebauthnID };
     } catch (error) {
       if (error instanceof errors.JWTClaimValidationFailed) {
-        throw new JWTError(JWTErrorNames.JWTClaimValidationFailed);
+        throw new ValidationError(ValidationErrorNames.JWTClaimValidationFailed);
       }
 
       if (error instanceof errors.JWTExpired) {
-        throw new JWTError(JWTErrorNames.JWTExpired);
+        throw new ValidationError(ValidationErrorNames.JWTExpired);
       }
 
       if (error instanceof errors.JWTInvalid) {
-        throw new JWTError(JWTErrorNames.JWTInvalid);
+        throw new ValidationError(ValidationErrorNames.JWTInvalid);
       }
 
       throw error;

tests/unit/session.test.ts

@@ -1,6 +1,6 @@
 import { createRemoteJWKSet, jwtVerify, errors } from 'jose';
 import { Session } from '../../src/services';
-import JWTError, { JWTErrorNames } from '../../src/errors/jwtError';
+import ValidationError, { ValidationErrorNames } from '../../src/errors/validationError';
 import { UserStatus } from '../../src/generated';
 import { httpStatusCodes } from '../../src/errors';
 
@@ -43,15 +43,15 @@ describe('Session Service Unit Tests', () => {
     );
   });
 
-  test('should throw JWTError if short session is too short', async () => {
+  test('should throw ValidationError if short session is too short', async () => {
     const shortSession = 'short';
-    await expect(sessionService.getAndValidateCurrentUser(shortSession)).rejects.toThrow(JWTError);
+    await expect(sessionService.getAndValidateCurrentUser(shortSession)).rejects.toThrow(ValidationError);
     await expect(sessionService.getAndValidateCurrentUser(shortSession)).rejects.toThrow(
-      httpStatusCodes[JWTErrorNames.InvalidShortSession].description,
+      httpStatusCodes[ValidationErrorNames.InvalidShortSession].description,
     );
   });
 
-  test('should throw JWTError if issuer is mismatched', async () => {
+  test('should throw ValidationError if issuer is mismatched', async () => {
     (jwtVerify as jest.Mock).mockResolvedValue({
       payload: {
         iss: 'https://invalid-issuer.com',
@@ -61,36 +61,51 @@ describe('Session Service Unit Tests', () => {
       },
     });
 
-    await expect(sessionService.getAndValidateCurrentUser(SHORT_SESSION)).rejects.toThrow(JWTError);
+    await expect(sessionService.getAndValidateCurrentUser(SHORT_SESSION)).rejects.toThrow(ValidationError);
     await expect(sessionService.getAndValidateCurrentUser(SHORT_SESSION)).rejects.toThrow(
-      httpStatusCodes[JWTErrorNames.InvalidIssuer].description,
+      httpStatusCodes[ValidationErrorNames.InvalidIssuer].description,
     );
   });
 
-  test('should throw JWTError on JWTClaimValidationFailed', async () => {
+  test('should throw ValidationError if issuer is undefined', async () => {
+    (jwtVerify as jest.Mock).mockResolvedValue({
+      payload: {
+        userID: TEST_USER_ID,
+        fullName: TEST_FULL_NAME,
+        status: TEST_STATUS,
+      },
+    });
+
+    await expect(sessionService.getAndValidateCurrentUser(SHORT_SESSION)).rejects.toThrow(ValidationError);
+    await expect(sessionService.getAndValidateCurrentUser(SHORT_SESSION)).rejects.toThrow(
+      httpStatusCodes[ValidationErrorNames.InvalidIssuer].description,
+    );
+  });
+
+  test('should throw ValidationError on JWTClaimValidationFailed', async () => {
     (jwtVerify as jest.Mock).mockRejectedValue(new errors.JWTClaimValidationFailed('message'));
 
-    await expect(sessionService.getAndValidateCurrentUser(SHORT_SESSION)).rejects.toThrow(JWTError);
+    await expect(sessionService.getAndValidateCurrentUser(SHORT_SESSION)).rejects.toThrow(ValidationError);
     await expect(sessionService.getAndValidateCurrentUser(SHORT_SESSION)).rejects.toThrow(
-      httpStatusCodes[JWTErrorNames.JWTClaimValidationFailed].description,
+      httpStatusCodes[ValidationErrorNames.JWTClaimValidationFailed].description,
     );
   });
 
-  test('should throw JWTError on JWTExpired', async () => {
+  test('should throw ValidationError on JWTExpired', async () => {
     (jwtVerify as jest.Mock).mockRejectedValue(new errors.JWTExpired('message'));
 
-    await expect(sessionService.getAndValidateCurrentUser(SHORT_SESSION)).rejects.toThrow(JWTError);
+    await expect(sessionService.getAndValidateCurrentUser(SHORT_SESSION)).rejects.toThrow(ValidationError);
     await expect(sessionService.getAndValidateCurrentUser(SHORT_SESSION)).rejects.toThrow(
-      httpStatusCodes[JWTErrorNames.JWTExpired].description,
+      httpStatusCodes[ValidationErrorNames.JWTExpired].description,
     );
   });
 
-  test('should throw JWTError on JWTInvalid', async () => {
+  test('should throw ValidationError on JWTInvalid', async () => {
     (jwtVerify as jest.Mock).mockRejectedValue(new errors.JWTInvalid());
 
-    await expect(sessionService.getAndValidateCurrentUser(SHORT_SESSION)).rejects.toThrow(JWTError);
+    await expect(sessionService.getAndValidateCurrentUser(SHORT_SESSION)).rejects.toThrow(ValidationError);
     await expect(sessionService.getAndValidateCurrentUser(SHORT_SESSION)).rejects.toThrow(
-      httpStatusCodes[JWTErrorNames.JWTInvalid].description,
+      httpStatusCodes[ValidationErrorNames.JWTInvalid].description,
     );
   });