Ho Ngoc Hai 7008230424 fix(auth): prevent login endpoint from returning 500 on invalid credentials ...

LocalStrategy.validate lacked a try-catch, so infrastructure errors
(DB timeouts, bcrypt failures, null/undefined phone) escaped as raw
Error instances. LocalAuthGuard.handleRequest blindly re-threw them,
causing GlobalExceptionFilter to map them to 500 Internal Server Error
instead of 401 Unauthorized.

Changes:
- Add null/falsy guard for phone and password in LocalStrategy.validate
- Wrap validate body in try-catch; re-throw DomainExceptions, wrap
  unexpected errors as UnauthorizedException (401)
- Add error type-checking in LocalAuthGuard.handleRequest: re-throw
  HttpException subclasses directly, wrap other errors as 401
- Add @IsNotEmpty() validators to LoginDto for Swagger accuracy
- Add 5 new test cases covering undefined/null/empty inputs, DB
  errors, and bcrypt failures
- Update guard tests for the new type-checking behaviour

Resolves TEC-1841

Co-Authored-By: Paperclip <noreply@paperclip.ing>

2026-04-11 19:53:41 +07:00

..

src

fix(auth): prevent login endpoint from returning 500 on invalid credentials

2026-04-11 19:53:41 +07:00

docker-entrypoint.sh

feat(devops): improve multi-stage production Dockerfile for NestJS API

2026-04-09 01:23:06 +07:00

Dockerfile

feat(devops): improve multi-stage production Dockerfile for NestJS API

2026-04-09 01:23:06 +07:00

nest-cli.json

feat: scaffold monorepo with Turborepo + NestJS + Next.js

2026-04-07 23:52:33 +07:00

package.json

chore: update package dependencies and Playwright config

2026-04-11 01:40:59 +07:00

tsconfig.json

feat: upgrade major dependencies to latest versions

2026-04-08 13:15:36 +07:00

vitest.config.ts

fix(auth): use env-configurable bcrypt rounds to prevent test timeout

2026-04-10 23:26:43 +07:00

vitest.integration.config.ts

feat(auth): implement Auth module with register, login, JWT, guards, and CQRS

2026-04-08 00:24:42 +07:00