fix: safe auth strategy execution (#11515)

Previously when `authenticate` method from an authentication strategy failed it stopped execution of the current request in `createPayloadRequest` which isn't a good behavior. Right now it completely prevents the admin panel from loading: <img width="637" alt="image" src="https://github.com/user-attachments/assets/7a6ca006-7457-4f9f-8746-7b3f52d65583" /> Now, each `strategy.authenticate` call is wrapped into `try` / `catch`, if an error happens we use `logError` to correctly log that error by its logging level.
2025-03-05 23:34:23 +02:00
parent 2163b0fdb5
commit 312aa639b6
1 changed files with 12 additions and 7 deletions
--- a/packages/payload/src/auth/executeAuthStrategies.ts
+++ b/packages/payload/src/auth/executeAuthStrategies.ts
@@ -1,5 +1,6 @@
 import type { AuthStrategyFunctionArgs, AuthStrategyResult } from './index.js'

+import { logError } from '../utilities/logError.js'
 import { mergeHeaders } from '../utilities/mergeHeaders.js'
 export const executeAuthStrategies = async (
  args: AuthStrategyFunctionArgs,
@@ -14,14 +15,18 @@ export const executeAuthStrategies = async (
    // add the configured AuthStrategy `name` to the strategy function args
    args.strategyName = strategy.name

-    const authResult = await strategy.authenticate(args)
-    if (authResult.responseHeaders) {
-      authResult.responseHeaders = mergeHeaders(
-        result.responseHeaders || new Headers(),
-        authResult.responseHeaders || new Headers(),
-      )
+    try {
+      const authResult = await strategy.authenticate(args)
+      if (authResult.responseHeaders) {
+        authResult.responseHeaders = mergeHeaders(
+          result.responseHeaders || new Headers(),
+          authResult.responseHeaders || new Headers(),
+        )
+      }
+      result = authResult
+    } catch (err) {
+      logError({ err, payload: args.payload })
    }
-    result = authResult

    if (result.user) {
      return result