fix: more accurate error message for createResetPasswordToken (#282)

campsi · Mar 11, 2024 · ced07f6 · ced07f6
1 parent 23f7759
commit ced07f6
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/services/auth/lib/local.js b/services/auth/lib/local.js
@@ -318,7 +318,13 @@ const createResetPasswordToken = async (req, res) => {
     }
 
     if (!user.identities?.local?.id) {
-      return helpers.forbidden(res, new Error('user does not have a local identity provider'));
+      const availableProviders = req.authProviders;
+      const existingProvidersIdentities = Object.entries(user.identities || {})
+        .filter(([key, value]) => !!availableProviders[key] && !!value?.id)
+        .map(([key, value]) => key);
+      // user.identities can have keys not related to providers, like invitation keys, and thus can be not fully created. at this point we consider it as not found.
+      const errorMessage = existingProvidersIdentities.length ? 'user does not have a local identity provider' : 'User not found';
+      return helpers.forbidden(res, new Error(errorMessage));
     }
     const opts = req.authProvider.options;