fix: Fix login error handling by raising exception instead of returning (#24452)

api/controllers/console/auth/login.py

@@ -221,7 +221,7 @@ class EmailCodeLoginApi(Resource):
                     email=user_email, name=user_email, interface_language=languages[0]
                 )
             except WorkSpaceNotAllowedCreateError:
-                return NotAllowedCreateWorkspace()
+                raise NotAllowedCreateWorkspace()
             except AccountRegisterError as are:
                 raise AccountInFreezeError()
             except WorkspacesLimitExceededError:

api/libs/external_api.py

@@ -1,10 +1,10 @@
 import re
 import sys
+from collections.abc import Mapping
 from typing import Any
 
 from flask import current_app, got_request_exception
 from flask_restx import Api
-from werkzeug.datastructures import Headers
 from werkzeug.exceptions import HTTPException
 from werkzeug.http import HTTP_STATUS_CODES
 
@@ -12,125 +12,97 @@ from core.errors.error import AppInvokeQuotaExceededError
 
 
 def http_status_message(code):
-    """Maps an HTTP status code to the textual status"""
     return HTTP_STATUS_CODES.get(code, "")
 
 
 def register_external_error_handlers(api: Api) -> None:
-    """Register error handlers for the API using decorators.
-
-    :param api: The Flask-RestX Api instance
-    """
-
     @api.errorhandler(HTTPException)
     def handle_http_exception(e: HTTPException):
-        """Handle HTTP exceptions."""
         got_request_exception.send(current_app, exception=e)
 
-        if e.response is not None:
-            return e.get_response()
+        # If Werkzeug already prepared a Response, just use it.
+        if getattr(e, "response", None) is not None:
+            return e.response
 
-        headers = Headers()
-        status_code = e.code
+        status_code = getattr(e, "code", 500) or 500
+
+        # Build a safe, dict-like payload
         default_data = {
             "code": re.sub(r"(?<!^)(?=[A-Z])", "_", type(e).__name__).lower(),
             "message": getattr(e, "description", http_status_message(status_code)),
             "status": status_code,
         }
-
-        if (
-            default_data["message"]
-            and default_data["message"] == "Failed to decode JSON object: Expecting value: line 1 column 1 (char 0)"
-        ):
+        if default_data["message"] == "Failed to decode JSON object: Expecting value: line 1 column 1 (char 0)":
             default_data["message"] = "Invalid JSON payload received or JSON payload is empty."
 
-        headers = e.get_response().headers
+        # Use headers on the exception if present; otherwise none.
+        headers = {}
+        exc_headers = getattr(e, "headers", None)
+        if exc_headers:
+            headers.update(exc_headers)
 
-        # Handle specific status codes
+        # Payload per status
         if status_code == 406 and api.default_mediatype is None:
-            supported_mediatypes = list(api.representations.keys())
-            fallback_mediatype = supported_mediatypes[0] if supported_mediatypes else "text/plain"
-            data = {"code": "not_acceptable", "message": default_data.get("message")}
-            resp = api.make_response(data, status_code, headers, fallback_mediatype=fallback_mediatype)
+            data = {"code": "not_acceptable", "message": default_data["message"], "status": status_code}
+            return data, status_code, headers
         elif status_code == 400:
-            if isinstance(default_data.get("message"), dict):
-                param_key, param_value = list(default_data.get("message", {}).items())[0]
-                data = {"code": "invalid_param", "message": param_value, "params": param_key}
+            msg = default_data["message"]
+            if isinstance(msg, Mapping) and msg:
+                # Convert param errors like {"field": "reason"} into a friendly shape
+                param_key, param_value = next(iter(msg.items()))
+                data = {
+                    "code": "invalid_param",
+                    "message": str(param_value),
+                    "params": param_key,
+                    "status": status_code,
+                }
             else:
-                data = default_data
-                if "code" not in data:
-                    data["code"] = "unknown"
-            resp = api.make_response(data, status_code, headers)
+                data = {**default_data}
+                data.setdefault("code", "unknown")
+            return data, status_code, headers
         else:
-            data = default_data
-            if "code" not in data:
-                data["code"] = "unknown"
-            resp = api.make_response(data, status_code, headers)
-
+            data = {**default_data}
+            data.setdefault("code", "unknown")
+            # If you need WWW-Authenticate for 401, add it to headers
             if status_code == 401:
-            resp = api.unauthorized(resp)
-
-        # Remove duplicate Content-Length header
-        remove_headers = ("Content-Length",)
-        for header in remove_headers:
-            headers.pop(header, None)
-
-        return resp
+                headers["WWW-Authenticate"] = 'Bearer realm="api"'
+            return data, status_code, headers
 
     @api.errorhandler(ValueError)
     def handle_value_error(e: ValueError):
-        """Handle ValueError exceptions."""
         got_request_exception.send(current_app, exception=e)
-
         status_code = 400
-        data = {
-            "code": "invalid_param",
-            "message": str(e),
-            "status": status_code,
-        }
-        return api.make_response(data, status_code)
+        data = {"code": "invalid_param", "message": str(e), "status": status_code}
+        return data, status_code
 
     @api.errorhandler(AppInvokeQuotaExceededError)
     def handle_quota_exceeded(e: AppInvokeQuotaExceededError):
-        """Handle AppInvokeQuotaExceededError exceptions."""
         got_request_exception.send(current_app, exception=e)
-
         status_code = 429
-        data = {
-            "code": "too_many_requests",
-            "message": str(e),
-            "status": status_code,
-        }
-        return api.make_response(data, status_code)
+        data = {"code": "too_many_requests", "message": str(e), "status": status_code}
+        return data, status_code
 
     @api.errorhandler(Exception)
     def handle_general_exception(e: Exception):
-        """Handle general exceptions."""
         got_request_exception.send(current_app, exception=e)
 
-        headers = Headers()
         status_code = 500
-        default_data = {
-            "message": http_status_message(status_code),
-        }
+        data: dict[str, Any] = getattr(e, "data", {"message": http_status_message(status_code)})
 
-        data = getattr(e, "data", default_data)
+        # 🔒 Normalize non-mapping data (e.g., if someone set e.data = Response)
+        if not isinstance(data, Mapping):
+            data = {"message": str(e)}
 
-        # Log server errors
+        data.setdefault("code", "unknown")
+        data.setdefault("status", status_code)
+
+        # Log stack
         exc_info: Any = sys.exc_info()
         if exc_info[1] is None:
             exc_info = None
         current_app.log_exception(exc_info)
 
-        if "code" not in data:
-            data["code"] = "unknown"
-
-        # Remove duplicate Content-Length header
-        remove_headers = ("Content-Length",)
-        for header in remove_headers:
-            headers.pop(header, None)
-
-        return api.make_response(data, status_code, headers)
+        return data, status_code
 
 
 class ExternalApi(Api):