
Commit c89b425

chore(graphile): add more safe GraphQL error codes for auth and account issues
Co-authored-by: Dan <pyramation@gmail.com>
1 parent 5094bbe commit c89b425

1 file changed

Lines changed: 51 additions & 1 deletion


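--- a/graphql/server/src/middleware/graphile.ts
+++ b/graphql/server/src/middleware/graphile.ts
@@ -24,31 +24,81 @@ const SAFE_ERROR_CODES = new Set([
 'PERSISTED_QUERY_NOT_SUPPORTED',
 // Auth
 'UNAUTHENTICATED',
+'NOT_AUTHENTICATED',
+'USER_NOT_AUTHENTICATED',
 'FORBIDDEN',
 'BAD_USER_INPUT',
 'INCORRECT_PASSWORD',
 'PASSWORD_INSECURE',
+'ACCOUNT_LOCKED',
 'ACCOUNT_LOCKED_EXCEED_ATTEMPTS',
 'ACCOUNT_DISABLED',
 'ACCOUNT_EXISTS',
+'ACCOUNT_NOT_FOUND',
+'USER_NOT_FOUND',
+'INVALID_USER',
+'INVALID_TOKEN',
+'INVALID_CODE',
+'NO_PRIMARY_EMAIL',
+'NO_CREDENTIALS',
 'PASSWORD_LEN',
 'INVITE_NOT_FOUND',
 'INVITE_LIMIT',
 'INVITE_EMAIL_NOT_FOUND',
 'INVALID_CREDENTIALS',
+// Auth method toggles (app-level allow_* settings)
+'SIGN_UP_DISABLED',
+'PASSWORD_SIGN_IN_DISABLED',
+'PASSWORD_SIGN_UP_DISABLED',
+'SSO_SIGN_IN_DISABLED',
+'SSO_SIGN_UP_DISABLED',
+'SSO_ACCOUNT_NOT_FOUND',
+'CONNECTED_ACCOUNT_NOT_FOUND',
+'MAGIC_LINK_SIGN_IN_DISABLED',
+'MAGIC_LINK_SIGN_UP_DISABLED',
+'EMAIL_OTP_SIGN_IN_DISABLED',
+'SMS_SIGN_IN_DISABLED',
+'SMS_SIGN_UP_DISABLED',
 // CSRF
 'CSRF_TOKEN_REQUIRED',
 'INVALID_CSRF_TOKEN',
 // Rate limiting / throttling
 'TOO_MANY_REQUESTS',
 'PASSWORD_RESET_LOCKED_EXCEED_ATTEMPTS',
-// TOTP
+// TOTP / MFA / step-up
 'TOTP_NOT_ENABLED',
+'TOTP_ALREADY_ENABLED',
+'TOTP_SETUP_NOT_INITIATED',
+'MFA_REQUIRED',
+'MFA_CHALLENGE_EXPIRED',
+'INVALID_MFA_CHALLENGE',
+'STEP_UP_REQUIRED',
+'STEP_UP_REQUIRED_PASSWORD',
+'STEP_UP_REQUIRED_PASSWORD_OR_MFA',
+// Sessions / API keys
+'SESSION_NOT_FOUND',
+'API_KEY_NOT_FOUND',
+'CANNOT_DISCONNECT_LAST_AUTH_METHOD',
+'CANNOT_REVOKE_CURRENT_SESSION',
 // Account / resource operations
+'NOT_FOUND',
 'NULL_VALUES_DISALLOWED',
 'OBJECT_NOT_FOUND',
+'OBJECT_NO_UPDATE',
 'LIMIT_REACHED',
 'REQUIRES_ONE_OWNER',
+'DELETE_FIRST',
+'REF_NOT_FOUND',
+'CROSS_DATABASE_REF',
+'GROUPS_REQ_ENTITIES',
+'ALREADY_SCHEDULED',
+'SINGLETON_TABLE',
+// Entity/field immutability
+'IMMUTABLE_FIELD',
+'IMMUTABLE_PROPS',
+'IMMUTABLE_PEOPLESTAMPS',
+'IMMUTABLE_TIMESTAMPS',
+'CONST_TYPE_FIELDS_IMMUTABLE',
 // PublicKeySignature
 'FEATURE_DISABLED',
 'INVALID_PUBLIC_KEY',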
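Review bot: Several of the codes added to SAFE_ERROR_CODES — `'ACCOUNT_NOT_FOUND'`, `'USER_NOT_FOUND'`, `'SSO_ACCOUNT_NOT_FOUND'`, `'CONNECTED_ACCOUNT_NOT_FOUND'` and `'NO_PRIMARY_EMAIL'` — distinguish "no such account" from "wrong credentials", and if this set is what decides which codes reach the client unmasked, returning them on unauthenticated sign-in, password-reset or SSO-link paths lets a caller confirm which identifiers exist, whereas the pre-existing `'INVALID_CREDENTIALS'` / `'INCORRECT_PASSWORD'` pair did not have that split for the not-found case. The hunk does not show how the set is consumed, so the resolvers may already collapse those cases to `'INVALID_CREDENTIALS'` before the error reaches this middleware; that is worth confirming and recording next to the list. The set also carries no comment stating what qualifies a code as "safe", so a maintainer adding the next code has no criterion to check against; I would add above the declaration: `// Error codes passed through to clients as-is; everything else is masked. Keep "does this account exist" distinctions out of codes that unauthenticated flows can return.` The `const SAFE_ERROR_CODES = new Set([` declaration opens before this hunk and its closing `])` is after it.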
