Log a better error on flow auth function clause error (#3031)

2026-01-27 18:18:55 +00:00 · 2023-12-27 14:37:17 -06:00
parent 37bdb91cef
commit d3c99be576
2 changed files with 34 additions and 11 deletions
--- a/elixir/apps/domain/lib/domain/flows.ex
+++ b/elixir/apps/domain/lib/domain/flows.ex
@@ -3,6 +3,9 @@ defmodule Domain.Flows do
  alias Domain.{Auth, Accounts, Actors, Clients, Gateways, Resources, Policies}
  alias Domain.Flows.{Authorizer, Flow, Activity}
  require Ecto.Query
+  require Logger
+
+  def authorize_flow(client, gateway, id, subject, opts \\ [])

  def authorize_flow(
        %Clients.Client{
@@ -27,7 +30,7 @@ defmodule Domain.Flows do
            user_agent: client_user_agent
          }
        } = subject,
-        opts \\ []
+        opts
      ) do
    with :ok <- Auth.ensure_has_permissions(subject, Authorizer.create_flows_permission()),
         {:ok, resource} <- Resources.fetch_and_authorize_resource_by_id(id, subject, opts) do
@@ -49,6 +52,29 @@ defmodule Domain.Flows do
    end
  end

+  def authorize_flow(client, gateway, id, subject, _opts) do
+    Logger.error("authorize_flow/4 called with invalid arguments",
+      id: id,
+      client: %{
+        id: client.id,
+        account_id: client.account_id,
+        actor_id: client.actor_id,
+        identity_id: client.identity_id
+      },
+      gateway: %{
+        id: gateway.id,
+        account_id: gateway.account_id
+      },
+      subject: %{
+        account: %{id: subject.account.id, slug: subject.account.slug},
+        actor: %{id: subject.actor.id, type: subject.actor.type},
+        identity: %{id: subject.identity.id}
+      }
+    )
+
+    {:error, :internal_error}
+  end
+
  def fetch_flow_by_id(id, %Auth.Subject{} = subject, opts \\ []) do
    with :ok <- Auth.ensure_has_permissions(subject, Authorizer.view_flows_permission()),
         true <- Validator.valid_uuid?(id) do
--- a/elixir/apps/domain/test/domain/flows_test.exs
+++ b/elixir/apps/domain/test/domain/flows_test.exs
@@ -121,7 +121,7 @@ defmodule Domain.FlowsTest do
      assert authorize_flow(client, gateway, resource.id, subject) == {:error, :not_found}
    end

-    test "raises on account_id mismatch", %{
+    test "returns error on account_id mismatch", %{
      client: client,
      gateway: gateway,
      resource: resource,
@@ -131,17 +131,14 @@ defmodule Domain.FlowsTest do
      other_client = Fixtures.Clients.create_client()
      other_gateway = Fixtures.Gateways.create_gateway()

-      assert_raise FunctionClauseError, fn ->
-        authorize_flow(client, gateway, resource.id, other_subject)
-      end
+      assert authorize_flow(client, gateway, resource.id, other_subject) ==
+               {:error, :internal_error}

-      assert_raise FunctionClauseError, fn ->
-        authorize_flow(client, other_gateway, resource.id, subject)
-      end
+      assert authorize_flow(client, other_gateway, resource.id, subject) ==
+               {:error, :internal_error}

-      assert_raise FunctionClauseError, fn ->
-        authorize_flow(other_client, gateway, resource.id, subject)
-      end
+      assert authorize_flow(other_client, gateway, resource.id, subject) ==
+               {:error, :internal_error}
    end

    test "returns error when subject has no permission to create flows", %{