zitadel/internal/api/grpc/gerrors/zitadel_errors.go

package gerrors

import (
	"errors"

	"github.com/jackc/pgx/v5/pgconn"
	"github.com/zitadel/logging"
	"google.golang.org/grpc/codes"
	"google.golang.org/grpc/status"
	"google.golang.org/protobuf/protoadapt"

	commandErrors "github.com/zitadel/zitadel/internal/command/errors"
	"github.com/zitadel/zitadel/internal/zerrors"
	"github.com/zitadel/zitadel/pkg/grpc/message"
)

func ZITADELToGRPCError(err error) error {
	if err == nil {
		return nil
	}
	code, key, id, ok := ExtractZITADELError(err)
	if !ok {
		return status.Convert(err).Err()
	}
	msg := key
	msg += " (" + id + ")"

	errorInfo := getErrorInfo(id, key, err)

	s, err := status.New(code, msg).WithDetails(errorInfo)
	if err != nil {
		logging.WithError(err).WithField("logID", "GRPC-gIeRw").Debug("unable to add detail")
		return status.New(code, msg).Err()
	}

	return s.Err()
}

func ExtractZITADELError(err error) (c codes.Code, msg, id string, ok bool) {
	if err == nil {
		return codes.OK, "", "", false
	}
	connErr := new(pgconn.ConnectError)
	if ok := errors.As(err, &connErr); ok {
		return codes.Internal, "db connection error", "", true
	}
	zitadelErr := new(zerrors.ZitadelError)
	if ok := errors.As(err, &zitadelErr); !ok {
		return codes.Unknown, err.Error(), "", false
	}
	switch {
	case zerrors.IsErrorAlreadyExists(err):
		return codes.AlreadyExists, zitadelErr.GetMessage(), zitadelErr.GetID(), true
	case zerrors.IsDeadlineExceeded(err):
		return codes.DeadlineExceeded, zitadelErr.GetMessage(), zitadelErr.GetID(), true
	case zerrors.IsInternal(err):
		return codes.Internal, zitadelErr.GetMessage(), zitadelErr.GetID(), true
	case zerrors.IsErrorInvalidArgument(err):
		return codes.InvalidArgument, zitadelErr.GetMessage(), zitadelErr.GetID(), true
	case zerrors.IsNotFound(err):
		return codes.NotFound, zitadelErr.GetMessage(), zitadelErr.GetID(), true
	case zerrors.IsPermissionDenied(err):
		return codes.PermissionDenied, zitadelErr.GetMessage(), zitadelErr.GetID(), true
	case zerrors.IsPreconditionFailed(err):
		return codes.FailedPrecondition, zitadelErr.GetMessage(), zitadelErr.GetID(), true
	case zerrors.IsUnauthenticated(err):
		return codes.Unauthenticated, zitadelErr.GetMessage(), zitadelErr.GetID(), true
	case zerrors.IsUnavailable(err):
		return codes.Unavailable, zitadelErr.GetMessage(), zitadelErr.GetID(), true
	case zerrors.IsUnimplemented(err):
		return codes.Unimplemented, zitadelErr.GetMessage(), zitadelErr.GetID(), true
	case zerrors.IsResourceExhausted(err):
		return codes.ResourceExhausted, zitadelErr.GetMessage(), zitadelErr.GetID(), true
	default:
		return codes.Unknown, err.Error(), "", false
	}
}

func getErrorInfo(id, key string, err error) protoadapt.MessageV1 {
	var errorInfo protoadapt.MessageV1

	var wpe *commandErrors.WrongPasswordError
	if err != nil && errors.As(err, &wpe) {
		errorInfo = &message.CredentialsCheckError{Id: id, Message: key, FailedAttempts: wpe.FailedAttempts}
	} else {
		errorInfo = &message.ErrorDetail{Id: id, Message: key}
	}

	return errorInfo
}
refactor: rename package errors to zerrors (#7039) * chore: rename package errors to zerrors * rename package errors to gerrors * fix error related linting issues * fix zitadel error assertion * fix gosimple linting issues * fix deprecated linting issues * resolve gci linting issues * fix import structure --------- Co-authored-by: Elio Bischof <elio@zitadel.com> 2023-12-08 16:30:55 +02:00			`package gerrors`

			`import (`
			`"errors"`

fix: exclude db connection error details (#7785) * fix: exclude db connection error details * remove potential recursive error 2024-04-23 10:35:25 +02:00			`"github.com/jackc/pgx/v5/pgconn"`
refactor: rename package errors to zerrors (#7039) * chore: rename package errors to zerrors * rename package errors to gerrors * fix error related linting issues * fix zitadel error assertion * fix gosimple linting issues * fix deprecated linting issues * resolve gci linting issues * fix import structure --------- Co-authored-by: Elio Bischof <elio@zitadel.com> 2023-12-08 16:30:55 +02:00			`"github.com/zitadel/logging"`
			`"google.golang.org/grpc/codes"`
			`"google.golang.org/grpc/status"`
feat(session/v2): user password lockout error response (#9233) # Which Problems Are Solved Adds `failed attempts` field to the grpc response when a user enters wrong password when logging in FYI: this only covers the senario above; other senarios where this is not applied are: SetPasswordWithVerifyCode setPassword ChangPassword setPasswordWithPermission # How the Problems Are Solved Created new grpc message `CredentialsCheckError` - `proto/zitadel/message.proto` to include `failed_attempts` field. Had to create a new package - `github.com/zitadel/zitadel/internal/command/errors` to resolve cycle dependency between `github.com/zitadel/zitadel/internal/command` and `github.com/zitadel/zitadel/internal/command`. # Additional Changes - none # Additional Context - Closes https://github.com/zitadel/zitadel/issues/9198 --------- Co-authored-by: Iraq Jaber <IraqJaber@gmail.com> 2025-01-29 10:29:00 +00:00			`"google.golang.org/protobuf/protoadapt"`
refactor: rename package errors to zerrors (#7039) * chore: rename package errors to zerrors * rename package errors to gerrors * fix error related linting issues * fix zitadel error assertion * fix gosimple linting issues * fix deprecated linting issues * resolve gci linting issues * fix import structure --------- Co-authored-by: Elio Bischof <elio@zitadel.com> 2023-12-08 16:30:55 +02:00
feat(session/v2): user password lockout error response (#9233) # Which Problems Are Solved Adds `failed attempts` field to the grpc response when a user enters wrong password when logging in FYI: this only covers the senario above; other senarios where this is not applied are: SetPasswordWithVerifyCode setPassword ChangPassword setPasswordWithPermission # How the Problems Are Solved Created new grpc message `CredentialsCheckError` - `proto/zitadel/message.proto` to include `failed_attempts` field. Had to create a new package - `github.com/zitadel/zitadel/internal/command/errors` to resolve cycle dependency between `github.com/zitadel/zitadel/internal/command` and `github.com/zitadel/zitadel/internal/command`. # Additional Changes - none # Additional Context - Closes https://github.com/zitadel/zitadel/issues/9198 --------- Co-authored-by: Iraq Jaber <IraqJaber@gmail.com> 2025-01-29 10:29:00 +00:00			`commandErrors "github.com/zitadel/zitadel/internal/command/errors"`
refactor: rename package errors to zerrors (#7039) * chore: rename package errors to zerrors * rename package errors to gerrors * fix error related linting issues * fix zitadel error assertion * fix gosimple linting issues * fix deprecated linting issues * resolve gci linting issues * fix import structure --------- Co-authored-by: Elio Bischof <elio@zitadel.com> 2023-12-08 16:30:55 +02:00			`"github.com/zitadel/zitadel/internal/zerrors"`
			`"github.com/zitadel/zitadel/pkg/grpc/message"`
			`)`

			`func ZITADELToGRPCError(err error) error {`
			`if err == nil {`
			`return nil`
			`}`
			`code, key, id, ok := ExtractZITADELError(err)`
			`if !ok {`
			`return status.Convert(err).Err()`
			`}`
			`msg := key`
			`msg += " (" + id + ")"`

feat(session/v2): user password lockout error response (#9233) # Which Problems Are Solved Adds `failed attempts` field to the grpc response when a user enters wrong password when logging in FYI: this only covers the senario above; other senarios where this is not applied are: SetPasswordWithVerifyCode setPassword ChangPassword setPasswordWithPermission # How the Problems Are Solved Created new grpc message `CredentialsCheckError` - `proto/zitadel/message.proto` to include `failed_attempts` field. Had to create a new package - `github.com/zitadel/zitadel/internal/command/errors` to resolve cycle dependency between `github.com/zitadel/zitadel/internal/command` and `github.com/zitadel/zitadel/internal/command`. # Additional Changes - none # Additional Context - Closes https://github.com/zitadel/zitadel/issues/9198 --------- Co-authored-by: Iraq Jaber <IraqJaber@gmail.com> 2025-01-29 10:29:00 +00:00			`errorInfo := getErrorInfo(id, key, err)`

			`s, err := status.New(code, msg).WithDetails(errorInfo)`
refactor: rename package errors to zerrors (#7039) * chore: rename package errors to zerrors * rename package errors to gerrors * fix error related linting issues * fix zitadel error assertion * fix gosimple linting issues * fix deprecated linting issues * resolve gci linting issues * fix import structure --------- Co-authored-by: Elio Bischof <elio@zitadel.com> 2023-12-08 16:30:55 +02:00			`if err != nil {`
			`logging.WithError(err).WithField("logID", "GRPC-gIeRw").Debug("unable to add detail")`
			`return status.New(code, msg).Err()`
			`}`

			`return s.Err()`
			`}`

			`func ExtractZITADELError(err error) (c codes.Code, msg, id string, ok bool) {`
			`if err == nil {`
			`return codes.OK, "", "", false`
			`}`
fix: exclude db connection error details (#7785) * fix: exclude db connection error details * remove potential recursive error 2024-04-23 10:35:25 +02:00			`connErr := new(pgconn.ConnectError)`
			`if ok := errors.As(err, &connErr); ok {`
			`return codes.Internal, "db connection error", "", true`
			`}`
refactor: rename package errors to zerrors (#7039) * chore: rename package errors to zerrors * rename package errors to gerrors * fix error related linting issues * fix zitadel error assertion * fix gosimple linting issues * fix deprecated linting issues * resolve gci linting issues * fix import structure --------- Co-authored-by: Elio Bischof <elio@zitadel.com> 2023-12-08 16:30:55 +02:00			`zitadelErr := new(zerrors.ZitadelError)`
			`if ok := errors.As(err, &zitadelErr); !ok {`
			`return codes.Unknown, err.Error(), "", false`
			`}`
			`switch {`
			`case zerrors.IsErrorAlreadyExists(err):`
			`return codes.AlreadyExists, zitadelErr.GetMessage(), zitadelErr.GetID(), true`
			`case zerrors.IsDeadlineExceeded(err):`
			`return codes.DeadlineExceeded, zitadelErr.GetMessage(), zitadelErr.GetID(), true`
			`case zerrors.IsInternal(err):`
			`return codes.Internal, zitadelErr.GetMessage(), zitadelErr.GetID(), true`
			`case zerrors.IsErrorInvalidArgument(err):`
			`return codes.InvalidArgument, zitadelErr.GetMessage(), zitadelErr.GetID(), true`
			`case zerrors.IsNotFound(err):`
			`return codes.NotFound, zitadelErr.GetMessage(), zitadelErr.GetID(), true`
			`case zerrors.IsPermissionDenied(err):`
			`return codes.PermissionDenied, zitadelErr.GetMessage(), zitadelErr.GetID(), true`
			`case zerrors.IsPreconditionFailed(err):`
			`return codes.FailedPrecondition, zitadelErr.GetMessage(), zitadelErr.GetID(), true`
			`case zerrors.IsUnauthenticated(err):`
			`return codes.Unauthenticated, zitadelErr.GetMessage(), zitadelErr.GetID(), true`
			`case zerrors.IsUnavailable(err):`
			`return codes.Unavailable, zitadelErr.GetMessage(), zitadelErr.GetID(), true`
			`case zerrors.IsUnimplemented(err):`
			`return codes.Unimplemented, zitadelErr.GetMessage(), zitadelErr.GetID(), true`
			`case zerrors.IsResourceExhausted(err):`
			`return codes.ResourceExhausted, zitadelErr.GetMessage(), zitadelErr.GetID(), true`
			`default:`
			`return codes.Unknown, err.Error(), "", false`
			`}`
			`}`
feat(session/v2): user password lockout error response (#9233) # Which Problems Are Solved Adds `failed attempts` field to the grpc response when a user enters wrong password when logging in FYI: this only covers the senario above; other senarios where this is not applied are: SetPasswordWithVerifyCode setPassword ChangPassword setPasswordWithPermission # How the Problems Are Solved Created new grpc message `CredentialsCheckError` - `proto/zitadel/message.proto` to include `failed_attempts` field. Had to create a new package - `github.com/zitadel/zitadel/internal/command/errors` to resolve cycle dependency between `github.com/zitadel/zitadel/internal/command` and `github.com/zitadel/zitadel/internal/command`. # Additional Changes - none # Additional Context - Closes https://github.com/zitadel/zitadel/issues/9198 --------- Co-authored-by: Iraq Jaber <IraqJaber@gmail.com> 2025-01-29 10:29:00 +00:00
			`func getErrorInfo(id, key string, err error) protoadapt.MessageV1 {`
			`var errorInfo protoadapt.MessageV1`

			`var wpe *commandErrors.WrongPasswordError`
			`if err != nil && errors.As(err, &wpe) {`
			`errorInfo = &message.CredentialsCheckError{Id: id, Message: key, FailedAttempts: wpe.FailedAttempts}`
			`} else {`
			`errorInfo = &message.ErrorDetail{Id: id, Message: key}`
			`}`

			`return errorInfo`
			`}`