Skip to content

chore: Require form data for login endpoint#37402

Merged
sharat87 merged 1 commit intoreleasefrom
chore/no-json-login
Nov 20, 2024
Merged

chore: Require form data for login endpoint#37402
sharat87 merged 1 commit intoreleasefrom
chore/no-json-login

Conversation

@sharat87
Copy link
Member

@sharat87 sharat87 commented Nov 15, 2024
edited by coderabbitai bot
Loading

The Login API endpoint isn't checking for the request Content-Type, and is attempting to parse the payload as form data (?) irrespective of the incoming content type. So, if we attempt to make a JSON login attempt, like:

http -v :8080/api/v1/login username=a@b.com password=dummy
We see the following lengthy useless error on the server: 
[2024-11-15 07:22:12,040] [nioEventLoopGroup-3-8] requestId= userEmail= traceId= spanId= - Can't find user 
[2024-11-15 07:22:12,042] [boundedElastic-1] requestId= userEmail= traceId= spanId= - In the login failure handler. Cause: Unable to find username: 
org.springframework.security.core.userdetails.UsernameNotFoundException: Unable to find username: 
	at com.appsmith.server.authentication.handlers.ce.CustomFormLoginServiceCEImpl.findByUsername(CustomFormLoginServiceCEImpl.java:36)
	Suppressed: reactor.core.publisher.FluxOnAssembly$OnAssemblyException: 
Assembly trace from producer [reactor.core.publisher.MonoLift] :
	reactor.core.publisher.Mono.error(Mono.java:299)
	com.appsmith.server.authentication.handlers.ce.CustomFormLoginServiceCEImpl.findByUsername(CustomFormLoginServiceCEImpl.java:37)
Error has been observed at the following site(s):
	*__________________________________Mono.error ⇢ at com.appsmith.server.authentication.handlers.ce.CustomFormLoginServiceCEImpl.findByUsername(CustomFormLoginServiceCEImpl.java:37)
	*__________________________Mono.switchIfEmpty ⇢ at com.appsmith.server.authentication.handlers.ce.CustomFormLoginServiceCEImpl.findByUsername(CustomFormLoginServiceCEImpl.java:37)
	|_                            Mono.onErrorMap ⇢ at com.appsmith.server.authentication.handlers.ce.CustomFormLoginServiceCEImpl.findByUsername(CustomFormLoginServiceCEImpl.java:38)
	|_                                   Mono.map ⇢ at com.appsmith.server.authentication.handlers.ce.CustomFormLoginServiceCEImpl.findByUsername(CustomFormLoginServiceCEImpl.java:43)
	|_                              Mono.doOnNext ⇢ at org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager.authenticate(AbstractUserDetailsReactiveAuthenticationManager.java:105)
	|_                             Mono.publishOn ⇢ at org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager.authenticate(AbstractUserDetailsReactiveAuthenticationManager.java:106)
	|_                                Mono.filter ⇢ at org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager.authenticate(AbstractUserDetailsReactiveAuthenticationManager.java:107)
	|_                         Mono.switchIfEmpty ⇢ at org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager.authenticate(AbstractUserDetailsReactiveAuthenticationManager.java:108)
	|_                               Mono.flatMap ⇢ at org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager.authenticate(AbstractUserDetailsReactiveAuthenticationManager.java:109)
	|_                               Mono.flatMap ⇢ at org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager.authenticate(AbstractUserDetailsReactiveAuthenticationManager.java:110)
	|_                              Mono.doOnNext ⇢ at org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager.authenticate(AbstractUserDetailsReactiveAuthenticationManager.java:111)
	|_                                   Mono.map ⇢ at org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager.authenticate(AbstractUserDetailsReactiveAuthenticationManager.java:112)
	|_                           Mono.doOnSuccess ⇢ at org.springframework.security.authentication.ObservationReactiveAuthenticationManager.lambda$authenticate$3(ObservationReactiveAuthenticationManager.java:58)
	|_                            Mono.doOnCancel ⇢ at org.springframework.security.authentication.ObservationReactiveAuthenticationManager.lambda$authenticate$3(ObservationReactiveAuthenticationManager.java:61)
	|_                             Mono.doOnError ⇢ at org.springframework.security.authentication.ObservationReactiveAuthenticationManager.lambda$authenticate$3(ObservationReactiveAuthenticationManager.java:61)
	*__FluxOnErrorResume$ResumeSubscriber.onError ⇢ at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onError(MDCConfig.java:64)
	*________________________Mono.deferContextual ⇢ at org.springframework.security.authentication.ObservationReactiveAuthenticationManager.authenticate(ObservationReactiveAuthenticationManager.java:54)
	*________________________________Mono.flatMap ⇢ at org.springframework.security.web.server.authentication.AuthenticationWebFilter.authenticate(AuthenticationWebFilter.java:122)
	|_                         Mono.switchIfEmpty ⇢ at org.springframework.security.web.server.authentication.AuthenticationWebFilter.authenticate(AuthenticationWebFilter.java:123)
	|_                               Mono.flatMap ⇢ at org.springframework.security.web.server.authentication.AuthenticationWebFilter.authenticate(AuthenticationWebFilter.java:125)
	|_                             Mono.doOnError ⇢ at org.springframework.security.web.server.authentication.AuthenticationWebFilter.authenticate(AuthenticationWebFilter.java:127)
	*________________________________Mono.flatMap ⇢ at org.springframework.security.web.server.authentication.AuthenticationWebFilter.filter(AuthenticationWebFilter.java:115)
Original Stack Trace:
		at com.appsmith.server.authentication.handlers.ce.CustomFormLoginServiceCEImpl.findByUsername(CustomFormLoginServiceCEImpl.java:36)
		at org.springframework.security.authentication.UserDetailsRepositoryReactiveAuthenticationManager.retrieveUser(UserDetailsRepositoryReactiveAuthenticationManager.java:45)
		at org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager.authenticate(AbstractUserDetailsReactiveAuthenticationManager.java:104)
		at org.springframework.security.authentication.ObservationReactiveAuthenticationManager.lambda$authenticate$3(ObservationReactiveAuthenticationManager.java:58)
		at reactor.core.publisher.MonoDeferContextual.subscribe(MonoDeferContextual.java:47)
		at reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:76)
		at reactor.core.publisher.MonoFlatMap$FlatMapMain.onNext(MonoFlatMap.java:165)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:59)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onNext(FluxHide.java:137)
		at reactor.core.publisher.Operators$ScalarSubscription.request(Operators.java:2571)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.request(FluxHide.java:152)
		at reactor.core.publisher.MonoFlatMap$FlatMapMain.request(MonoFlatMap.java:194)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.request(FluxHide.java:152)
		at reactor.core.publisher.Operators$MultiSubscriptionSubscriber.set(Operators.java:2367)
		at reactor.core.publisher.Operators$MultiSubscriptionSubscriber.onSubscribe(Operators.java:2241)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onSubscribe(MDCConfig.java:53)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onSubscribe(FluxHide.java:122)
		at reactor.core.publisher.MonoFlatMap$FlatMapMain.onSubscribe(MonoFlatMap.java:117)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onSubscribe(MDCConfig.java:53)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onSubscribe(FluxHide.java:122)
		at reactor.core.publisher.MonoJust.subscribe(MonoJust.java:55)
		at reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:76)
		at reactor.core.publisher.MonoFlatMap$FlatMapMain.onNext(MonoFlatMap.java:165)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:59)
		at reactor.core.publisher.FluxSwitchIfEmpty$SwitchIfEmptySubscriber.onNext(FluxSwitchIfEmpty.java:74)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:59)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onNext(FluxHide.java:137)
		at reactor.core.publisher.MonoFlatMap$FlatMapMain.secondComplete(MonoFlatMap.java:245)
		at reactor.core.publisher.MonoFlatMap$FlatMapInner.onNext(MonoFlatMap.java:305)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:59)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onNext(FluxHide.java:137)
		at reactor.core.publisher.FluxMapFuseable$MapFuseableSubscriber.onNext(FluxMapFuseable.java:129)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:59)
		at reactor.core.publisher.Operators$MonoSubscriber.complete(Operators.java:1865)
		at reactor.core.publisher.MonoCacheTime.subscribeOrReturn(MonoCacheTime.java:151)
		at reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:63)
		at reactor.core.publisher.MonoFlatMap$FlatMapMain.onNext(MonoFlatMap.java:165)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:59)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onNext(FluxHide.java:137)
		at reactor.core.publisher.FluxFilterFuseable$FilterFuseableSubscriber.onNext(FluxFilterFuseable.java:118)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:59)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onNext(FluxHide.java:137)
		at reactor.core.publisher.FluxPeekFuseable$PeekFuseableSubscriber.onNext(FluxPeekFuseable.java:210)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:59)
		at reactor.core.publisher.FluxSwitchIfEmpty$SwitchIfEmptySubscriber.onNext(FluxSwitchIfEmpty.java:74)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:59)
		at reactor.core.publisher.MonoNext$NextSubscriber.onNext(MonoNext.java:82)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:59)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onNext(FluxHide.java:137)
		at reactor.core.publisher.FluxFilterFuseable$FilterFuseableSubscriber.onNext(FluxFilterFuseable.java:118)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:59)
		at reactor.core.publisher.FluxFlatMap$FlatMapMain.tryEmit(FluxFlatMap.java:547)
		at reactor.core.publisher.FluxFlatMap$FlatMapInner.onNext(FluxFlatMap.java:988)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:59)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onNext(FluxHide.java:137)
		at reactor.core.publisher.Operators$ScalarSubscription.request(Operators.java:2571)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.request(FluxHide.java:152)
		at reactor.core.publisher.FluxFlatMap$FlatMapInner.onSubscribe(FluxFlatMap.java:968)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onSubscribe(MDCConfig.java:53)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onSubscribe(FluxHide.java:122)
		at reactor.core.publisher.MonoJust.subscribe(MonoJust.java:55)
		at reactor.core.publisher.Mono.subscribe(Mono.java:4576)
		at reactor.core.publisher.FluxFlatMap$FlatMapMain.onNext(FluxFlatMap.java:430)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:59)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onNext(FluxHide.java:137)
		at reactor.core.publisher.FluxPeekFuseable$PeekFuseableSubscriber.onNext(FluxPeekFuseable.java:210)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:59)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onNext(FluxHide.java:137)
		at reactor.core.publisher.FluxIterable$IterableSubscription.slowPath(FluxIterable.java:335)
		at reactor.core.publisher.FluxIterable$IterableSubscription.request(FluxIterable.java:294)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.request(FluxHide.java:152)
		at reactor.core.publisher.FluxPeekFuseable$PeekFuseableSubscriber.request(FluxPeekFuseable.java:144)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.request(FluxHide.java:152)
		at reactor.core.publisher.FluxFlatMap$FlatMapMain.onSubscribe(FluxFlatMap.java:373)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onSubscribe(MDCConfig.java:53)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onSubscribe(FluxHide.java:122)
		at reactor.core.publisher.FluxPeekFuseable$PeekFuseableSubscriber.onSubscribe(FluxPeekFuseable.java:178)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onSubscribe(MDCConfig.java:53)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onSubscribe(FluxHide.java:122)
		at reactor.core.publisher.FluxIterable.subscribe(FluxIterable.java:201)
		at reactor.core.publisher.FluxIterable.subscribe(FluxIterable.java:83)
		at reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:76)
		at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:53)
		at reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:76)
		at reactor.core.publisher.MonoFlatMap$FlatMapMain.onNext(MonoFlatMap.java:165)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:59)
		at reactor.core.publisher.Operators$BaseFluxToMonoOperator.completePossiblyEmpty(Operators.java:2097)
		at reactor.core.publisher.FluxDefaultIfEmpty$DefaultIfEmptySubscriber.onComplete(FluxDefaultIfEmpty.java:134)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onComplete(MDCConfig.java:69)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onComplete(FluxHide.java:147)
		at reactor.core.publisher.FluxHandleFuseable$HandleFuseableSubscriber.onComplete(FluxHandleFuseable.java:239)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onComplete(MDCConfig.java:69)
		at reactor.core.publisher.Operators$MonoSubscriber.complete(Operators.java:1866)
		at reactor.core.publisher.MonoCacheTime$CoordinatorSubscriber.signalCached(MonoCacheTime.java:337)
		at reactor.core.publisher.MonoCacheTime$CoordinatorSubscriber.onNext(MonoCacheTime.java:354)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:59)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onNext(FluxHide.java:137)
		at reactor.core.publisher.Operators$ScalarSubscription.request(Operators.java:2571)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.request(FluxHide.java:152)
		at reactor.core.publisher.MonoCacheTime$CoordinatorSubscriber.onSubscribe(MonoCacheTime.java:293)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onSubscribe(MDCConfig.java:53)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onSubscribe(FluxHide.java:122)
		at reactor.core.publisher.MonoJust.subscribe(MonoJust.java:55)
		at reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:76)
		at reactor.core.publisher.MonoCacheTime.subscribeOrReturn(MonoCacheTime.java:143)
		at reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:63)
		at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:53)
		at reactor.core.publisher.Mono.subscribe(Mono.java:4576)
		at reactor.core.publisher.MonoIgnoreThen$ThenIgnoreMain.subscribeNext(MonoIgnoreThen.java:265)
		at reactor.core.publisher.MonoIgnoreThen.subscribe(MonoIgnoreThen.java:51)
		at reactor.core.publisher.Mono.subscribe(Mono.java:4576)
		at reactor.core.publisher.FluxSwitchIfEmpty$SwitchIfEmptySubscriber.onComplete(FluxSwitchIfEmpty.java:82)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onComplete(MDCConfig.java:69)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onComplete(FluxHide.java:147)
		at reactor.core.publisher.MonoFlatMap$FlatMapMain.onComplete(MonoFlatMap.java:189)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onComplete(MDCConfig.java:69)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onComplete(FluxHide.java:147)
		at reactor.core.publisher.FluxMapFuseable$MapFuseableSubscriber.onComplete(FluxMapFuseable.java:152)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onComplete(MDCConfig.java:69)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onComplete(FluxHide.java:147)
		at reactor.core.publisher.FluxMapFuseable$MapFuseableSubscriber.onComplete(FluxMapFuseable.java:152)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onComplete(MDCConfig.java:69)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onComplete(FluxHide.java:147)
		at reactor.core.publisher.FluxMapFuseable$MapFuseableSubscriber.onComplete(FluxMapFuseable.java:152)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onComplete(MDCConfig.java:69)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onComplete(FluxHide.java:147)
		at reactor.core.publisher.FluxFilterFuseable$FilterFuseableSubscriber.onComplete(FluxFilterFuseable.java:171)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onComplete(MDCConfig.java:69)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onComplete(FluxHide.java:147)
		at reactor.core.publisher.FluxPeekFuseable$PeekFuseableSubscriber.onComplete(FluxPeekFuseable.java:277)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onComplete(MDCConfig.java:69)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onComplete(FluxHide.java:147)
		at reactor.core.publisher.Operators$ScalarSubscription.request(Operators.java:2573)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.request(FluxHide.java:152)
		at reactor.core.publisher.FluxPeekFuseable$PeekFuseableSubscriber.request(FluxPeekFuseable.java:144)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.request(FluxHide.java:152)
		at reactor.core.publisher.FluxFilterFuseable$FilterFuseableSubscriber.request(FluxFilterFuseable.java:191)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.request(FluxHide.java:152)
		at reactor.core.publisher.FluxMapFuseable$MapFuseableSubscriber.request(FluxMapFuseable.java:171)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.request(FluxHide.java:152)
		at reactor.core.publisher.FluxMapFuseable$MapFuseableSubscriber.request(FluxMapFuseable.java:171)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.request(FluxHide.java:152)
		at reactor.core.publisher.FluxMapFuseable$MapFuseableSubscriber.request(FluxMapFuseable.java:171)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.request(FluxHide.java:152)
		at reactor.core.publisher.MonoFlatMap$FlatMapMain.request(MonoFlatMap.java:194)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.request(FluxHide.java:152)
		at reactor.core.publisher.Operators$MultiSubscriptionSubscriber.set(Operators.java:2367)
		at reactor.core.publisher.Operators$MultiSubscriptionSubscriber.onSubscribe(Operators.java:2241)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onSubscribe(MDCConfig.java:53)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onSubscribe(FluxHide.java:122)
		at reactor.core.publisher.MonoFlatMap$FlatMapMain.onSubscribe(MonoFlatMap.java:117)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onSubscribe(MDCConfig.java:53)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onSubscribe(FluxHide.java:122)
		at reactor.core.publisher.FluxMapFuseable$MapFuseableSubscriber.onSubscribe(FluxMapFuseable.java:96)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onSubscribe(MDCConfig.java:53)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onSubscribe(FluxHide.java:122)
		at reactor.core.publisher.FluxMapFuseable$MapFuseableSubscriber.onSubscribe(FluxMapFuseable.java:96)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onSubscribe(MDCConfig.java:53)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onSubscribe(FluxHide.java:122)
		at reactor.core.publisher.FluxMapFuseable$MapFuseableSubscriber.onSubscribe(FluxMapFuseable.java:96)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onSubscribe(MDCConfig.java:53)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onSubscribe(FluxHide.java:122)
		at reactor.core.publisher.FluxFilterFuseable$FilterFuseableSubscriber.onSubscribe(FluxFilterFuseable.java:87)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onSubscribe(MDCConfig.java:53)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onSubscribe(FluxHide.java:122)
		at reactor.core.publisher.FluxPeekFuseable$PeekFuseableSubscriber.onSubscribe(FluxPeekFuseable.java:178)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onSubscribe(MDCConfig.java:53)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onSubscribe(FluxHide.java:122)
		at reactor.core.publisher.MonoJust.subscribe(MonoJust.java:55)
		at reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:76)
		at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:53)
		at reactor.core.publisher.Mono.subscribe(Mono.java:4576)
		at reactor.core.publisher.MonoIgnoreThen$ThenIgnoreMain.subscribeNext(MonoIgnoreThen.java:265)
		at reactor.core.publisher.MonoIgnoreThen.subscribe(MonoIgnoreThen.java:51)
		at reactor.core.publisher.Mono.subscribe(Mono.java:4576)
		at reactor.core.publisher.FluxSwitchIfEmpty$SwitchIfEmptySubscriber.onComplete(FluxSwitchIfEmpty.java:82)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onComplete(MDCConfig.java:69)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onComplete(FluxHide.java:147)
		at reactor.core.publisher.MonoFlatMap$FlatMapMain.onNext(MonoFlatMap.java:155)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:59)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onNext(FluxHide.java:137)
		at reactor.core.publisher.FluxFilterFuseable$FilterFuseableSubscriber.onNext(FluxFilterFuseable.java:118)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:59)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onNext(FluxHide.java:137)
		at reactor.core.publisher.Operators$ScalarSubscription.request(Operators.java:2571)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.request(FluxHide.java:152)
		at reactor.core.publisher.FluxFilterFuseable$FilterFuseableSubscriber.request(FluxFilterFuseable.java:191)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.request(FluxHide.java:152)
		at reactor.core.publisher.MonoFlatMap$FlatMapMain.request(MonoFlatMap.java:194)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.request(FluxHide.java:152)
		at reactor.core.publisher.Operators$MultiSubscriptionSubscriber.set(Operators.java:2367)
		at reactor.core.publisher.Operators$MultiSubscriptionSubscriber.onSubscribe(Operators.java:2241)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onSubscribe(MDCConfig.java:53)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onSubscribe(FluxHide.java:122)
		at reactor.core.publisher.MonoFlatMap$FlatMapMain.onSubscribe(MonoFlatMap.java:117)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onSubscribe(MDCConfig.java:53)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onSubscribe(FluxHide.java:122)
		at reactor.core.publisher.FluxFilterFuseable$FilterFuseableSubscriber.onSubscribe(FluxFilterFuseable.java:87)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onSubscribe(MDCConfig.java:53)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onSubscribe(FluxHide.java:122)
		at reactor.core.publisher.MonoJust.subscribe(MonoJust.java:55)
		at reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:76)
		at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:53)
		at reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:76)
		at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:53)
		at reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:76)
		at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:53)
		at reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:76)
		at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:53)
		at reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:76)
		at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:53)
		at reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:76)
		at reactor.core.publisher.MonoDeferContextual.subscribe(MonoDeferContextual.java:55)
		at reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:76)
		at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:53)
		at reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:76)
		at reactor.core.publisher.MonoFlatMap$FlatMapMain.onNext(MonoFlatMap.java:165)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:59)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onNext(FluxHide.java:137)
		at reactor.core.publisher.FluxMapFuseable$MapFuseableSubscriber.onNext(FluxMapFuseable.java:129)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:59)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onNext(FluxHide.java:137)
		at reactor.core.publisher.MonoFlatMap$FlatMapMain.secondComplete(MonoFlatMap.java:245)
		at reactor.core.publisher.MonoFlatMap$FlatMapInner.onNext(MonoFlatMap.java:305)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:59)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onNext(FluxHide.java:137)
		at reactor.core.publisher.Operators$BaseFluxToMonoOperator.completePossiblyEmpty(Operators.java:2097)
		at reactor.core.publisher.MonoCollectList$MonoCollectListSubscriber.onComplete(MonoCollectList.java:118)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onComplete(MDCConfig.java:69)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onComplete(FluxHide.java:147)
		at reactor.core.publisher.FluxIterable$IterableSubscription.fastPath(FluxIterable.java:424)
		at reactor.core.publisher.FluxIterable$IterableSubscription.request(FluxIterable.java:291)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.request(FluxHide.java:152)
		at reactor.core.publisher.Operators$BaseFluxToMonoOperator.request(Operators.java:2067)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.request(FluxHide.java:152)
		at reactor.core.publisher.MonoFlatMap$FlatMapInner.onSubscribe(MonoFlatMap.java:291)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onSubscribe(MDCConfig.java:53)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onSubscribe(FluxHide.java:122)
		at reactor.core.publisher.Operators$BaseFluxToMonoOperator.onSubscribe(Operators.java:2051)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onSubscribe(MDCConfig.java:53)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onSubscribe(FluxHide.java:122)
		at reactor.core.publisher.FluxIterable.subscribe(FluxIterable.java:201)
		at reactor.core.publisher.FluxIterable.subscribe(FluxIterable.java:83)
		at reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:76)
		at reactor.core.publisher.MonoFlatMap$FlatMapMain.onNext(MonoFlatMap.java:165)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:59)
		at reactor.core.publisher.FluxSwitchIfEmpty$SwitchIfEmptySubscriber.onNext(FluxSwitchIfEmpty.java:74)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:59)
		at reactor.core.publisher.MonoNext$NextSubscriber.onNext(MonoNext.java:82)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:59)
		at reactor.core.publisher.FluxFilterWhen$FluxFilterWhenSubscriber.drain(FluxFilterWhen.java:302)
		at reactor.core.publisher.FluxFilterWhen$FluxFilterWhenSubscriber.onNext(FluxFilterWhen.java:140)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:59)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onNext(FluxHide.java:137)
		at reactor.core.publisher.FluxIterable$IterableSubscription.slowPath(FluxIterable.java:335)
		at reactor.core.publisher.FluxIterable$IterableSubscription.request(FluxIterable.java:294)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.request(FluxHide.java:152)
		at reactor.core.publisher.FluxFilterWhen$FluxFilterWhenSubscriber.onSubscribe(FluxFilterWhen.java:200)
		at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onSubscribe(MDCConfig.java:53)
		at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onSubscribe(FluxHide.java:122)
		at reactor.core.publisher.FluxIterable.subscribe(FluxIterable.java:201)
		at reactor.core.publisher.FluxIterable.subscribe(FluxIterable.java:83)
		at reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:76)
		at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:53)
		at reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:76)
		at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:53)
		at reactor.core.publisher.Mono.subscribe(Mono.java:4576)
		at reactor.core.publisher.MonoIgnoreThen$ThenIgnoreMain.subscribeNext(MonoIgnoreThen.java:265)
		at reactor.core.publisher.MonoIgnoreThen.subscribe(MonoIgnoreThen.java:51)
		at reactor.core.publisher.Mono.subscribe(Mono.java:4576)
		at reactor.core.publisher.MonoIgnoreThen$ThenIgnoreMain.subscribeNext(MonoIgnoreThen.java:265)
		at reactor.core.publisher.MonoIgnoreThen.subscribe(MonoIgnoreThen.java:51)
		at reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:76)
		at reactor.core.publisher.MonoDeferContextual.subscribe(MonoDeferContextual.java:55)
		at reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:76)
		at reactor.netty.http.server.HttpServer$HttpServerHandle.onStateChange(HttpServer.java:1176)
		at reactor.netty.ReactorNetty$CompositeConnectionObserver.onStateChange(ReactorNetty.java:715)
		at reactor.netty.transport.ServerTransport$ChildObserver.onStateChange(ServerTransport.java:481)
		at reactor.netty.http.server.HttpServerOperations.handleDefaultHttpRequest(HttpServerOperations.java:829)
		at reactor.netty.http.server.HttpServerOperations.onInboundNext(HttpServerOperations.java:774)
		at reactor.netty.channel.ChannelOperationsHandler.channelRead(ChannelOperationsHandler.java:115)
		at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444)
		at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
		at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
		at reactor.netty.http.server.HttpTrafficHandler.channelRead(HttpTrafficHandler.java:262)
		at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:442)
		at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
		at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
		at io.netty.channel.CombinedChannelDuplexHandler$DelegatingChannelHandlerContext.fireChannelRead(CombinedChannelDuplexHandler.java:436)
		at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:346)
		at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:333)
		at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:455)
		at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290)
		at io.netty.channel.CombinedChannelDuplexHandler.channelRead(CombinedChannelDuplexHandler.java:251)
		at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:442)
		at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
		at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
		at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1407)
		at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440)
		at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
		at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:918)
		at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166)
		at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:788)
		at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:724)
		at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:650)
		at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:562)
		at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:994)
		at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
		at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
		at java.base/java.lang.Thread.run(Thread.java:833)

In this PR, we're changing the matcher for the login endpoint to check for the Content-Type explicitly. With this, the server doesn't log any error, and responds with a 401 Unauthorized.

Automation

/test sanity authentication

🔍 Cypress test results

Tip

🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉
Workflow run: https://github.com/appsmithorg/appsmith/actions/runs/11853152657
Commit: 3a4620d
Cypress dashboard.
Tags: @tag.Sanity, @tag.Authentication
Spec:

Fri, 15 Nov 2024 09:25:59 UTC

Communication

Should the DevRel and Marketing teams inform users about this change?

  • Yes
  • No

Summary by CodeRabbit

  • New Features

    • Enhanced authentication mechanism for the login process, improving request validation.

  • Bug Fixes

    • Refined matching logic for authentication requests to ensure better security compliance.

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Nov 15, 2024
edited
Loading

Walkthrough

The changes in SecurityConfig.java involve a refinement of the authentication mechanism for login requests. A new method using a lambda expression replaces the previous requiresAuthenticationMatcher, enhancing the specificity of request matching by validating the request method, path, and content type. New import statements for necessary classes have been added, while the overall structure of the security configuration remains unchanged, ensuring consistent functionality in CSRF handling, exception management, and authorization rules.

Changes

File Change Summary
app/server/appsmith-server/src/main/java/com/appsmith/server/configurations/SecurityConfig.java Updated authentication matcher method to use a lambda expression for improved specificity in request matching. Added new import statements.

Possibly related PRs

Suggested labels

Login / Signup, Critical

Suggested reviewers

  • mohanarpit
  • nidhi-nair
  • sondermanish
  • abhvsn

🎉 In the realm of code, a change so bright,
Authentication refined, now feels just right.
With lambdas in play, requests dance and sway,
Security enhanced, come what may!
A path well-defined, for login's delight,
Cheers to the changes, let’s code through the night! 🎊

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

@github-actions github-actions bot added the skip-changelog Adding this label to a PR prevents it from being listed in the changelog label Nov 15, 2024
@sharat87 sharat87 added the ok-to-test Required label for CI label Nov 15, 2024
@sharat87 sharat87 marked this pull request as ready for review November 15, 2024 09:51
coderabbitai[bot]
coderabbitai bot reviewed Nov 15, 2024
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (1)
app/server/appsmith-server/src/main/java/com/appsmith/server/configurations/SecurityConfig.java (1)

233-242: Consider minor improvements for maintainability

Consider extracting the content type check to a constant and adding a comment explaining the security rationale.

+ // Only accept form-urlencoded data for login to prevent content-type related security issues
+ private static final MediaType ALLOWED_LOGIN_CONTENT_TYPE = MediaType.APPLICATION_FORM_URLENCODED;

  .requiresAuthenticationMatcher(exchange -> {
      final ServerHttpRequest request = exchange.getRequest();
      return HttpMethod.POST.equals(request.getMethod())
              && Url.LOGIN_URL.equals(
                      request.getPath().toString())
-             && MediaType.APPLICATION_FORM_URLENCODED.equalsTypeAndSubtype(
+             && ALLOWED_LOGIN_CONTENT_TYPE.equalsTypeAndSubtype(
                      request.getHeaders().getContentType())
          ? ServerWebExchangeMatcher.MatchResult.match()
          : ServerWebExchangeMatcher.MatchResult.notMatch();
  })
📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 1deab1f and 3a4620d.

📒 Files selected for processing (1)
  • app/server/appsmith-server/src/main/java/com/appsmith/server/configurations/SecurityConfig.java (3 hunks)
🔇 Additional comments (2)
app/server/appsmith-server/src/main/java/com/appsmith/server/configurations/SecurityConfig.java (2)

31-31: LGTM: Required imports added for enhanced request matching

The new imports support the enhanced authentication matcher implementation.

Also applies to: 46-46

233-242: LGTM: Enhanced authentication matcher implementation

The new matcher correctly enforces form-urlencoded content type for login requests, addressing the issue with JSON payload attempts.

@mohanarpit
Copy link
Member

mohanarpit commented Nov 20, 2024

@sharat87 Thanks for this PR. For my understanding, why would the client be sending JSON body for login though? If we are receiving a JSON body, would that mean that we are getting API requests from random bots?

@sharat87 sharat87 merged commit ac4c714 into release Nov 20, 2024
@sharat87 sharat87 deleted the chore/no-json-login branch November 20, 2024 05:08
@sharat87
Copy link
Member Author

sharat87 commented Nov 20, 2024

@mohanarpit, that's absolutely right. Our client never sends JSON data for the login endpoint. It used to, several several years ago, but no more. Any requests to the login endpoint with JSON data are illegit.

github-actions bot pushed a commit to Zeral-Zhang/appsmith that referenced this pull request Nov 20, 2024
@sharat87
chore: Require form data for login endpoint (appsmithorg#37402)
02d1f64 
The Login API endpoint isn't checking for the request `Content-Type`,
and is attempting to parse the payload as form data (?) irrespective of
the incoming content type. So, if we attempt to make a JSON login
attempt, like:

```
http -v :8080/api/v1/login username=a@b.com password=dummy
```

<details>
<summary>We see the following lengthy useless error on the
server:</summary>
<pre>
[2024-11-15 07:22:12,040] [nioEventLoopGroup-3-8] requestId= userEmail=
traceId= spanId= - Can't find user
[2024-11-15 07:22:12,042] [boundedElastic-1] requestId= userEmail=
traceId= spanId= - In the login failure handler. Cause: Unable to find
username:

org.springframework.security.core.userdetails.UsernameNotFoundException:
Unable to find username:
at
com.appsmith.server.authentication.handlers.ce.CustomFormLoginServiceCEImpl.findByUsername(CustomFormLoginServiceCEImpl.java:36)
	Suppressed: reactor.core.publisher.FluxOnAssembly$OnAssemblyException: 
Assembly trace from producer [reactor.core.publisher.MonoLift] :
	reactor.core.publisher.Mono.error(Mono.java:299)

com.appsmith.server.authentication.handlers.ce.CustomFormLoginServiceCEImpl.findByUsername(CustomFormLoginServiceCEImpl.java:37)
Error has been observed at the following site(s):
*__________________________________Mono.error ⇢ at
com.appsmith.server.authentication.handlers.ce.CustomFormLoginServiceCEImpl.findByUsername(CustomFormLoginServiceCEImpl.java:37)
*__________________________Mono.switchIfEmpty ⇢ at
com.appsmith.server.authentication.handlers.ce.CustomFormLoginServiceCEImpl.findByUsername(CustomFormLoginServiceCEImpl.java:37)
|_ Mono.onErrorMap ⇢ at
com.appsmith.server.authentication.handlers.ce.CustomFormLoginServiceCEImpl.findByUsername(CustomFormLoginServiceCEImpl.java:38)
|_ Mono.map ⇢ at
com.appsmith.server.authentication.handlers.ce.CustomFormLoginServiceCEImpl.findByUsername(CustomFormLoginServiceCEImpl.java:43)
|_ Mono.doOnNext ⇢ at
org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager.authenticate(AbstractUserDetailsReactiveAuthenticationManager.java:105)
|_ Mono.publishOn ⇢ at
org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager.authenticate(AbstractUserDetailsReactiveAuthenticationManager.java:106)
|_ Mono.filter ⇢ at
org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager.authenticate(AbstractUserDetailsReactiveAuthenticationManager.java:107)
|_ Mono.switchIfEmpty ⇢ at
org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager.authenticate(AbstractUserDetailsReactiveAuthenticationManager.java:108)
|_ Mono.flatMap ⇢ at
org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager.authenticate(AbstractUserDetailsReactiveAuthenticationManager.java:109)
|_ Mono.flatMap ⇢ at
org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager.authenticate(AbstractUserDetailsReactiveAuthenticationManager.java:110)
|_ Mono.doOnNext ⇢ at
org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager.authenticate(AbstractUserDetailsReactiveAuthenticationManager.java:111)
|_ Mono.map ⇢ at
org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager.authenticate(AbstractUserDetailsReactiveAuthenticationManager.java:112)
|_ Mono.doOnSuccess ⇢ at
org.springframework.security.authentication.ObservationReactiveAuthenticationManager.lambda$authenticate$3(ObservationReactiveAuthenticationManager.java:58)
|_ Mono.doOnCancel ⇢ at
org.springframework.security.authentication.ObservationReactiveAuthenticationManager.lambda$authenticate$3(ObservationReactiveAuthenticationManager.java:61)
|_ Mono.doOnError ⇢ at
org.springframework.security.authentication.ObservationReactiveAuthenticationManager.lambda$authenticate$3(ObservationReactiveAuthenticationManager.java:61)
*__FluxOnErrorResume$ResumeSubscriber.onError ⇢ at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onError(MDCConfig.java:64)
*________________________Mono.deferContextual ⇢ at
org.springframework.security.authentication.ObservationReactiveAuthenticationManager.authenticate(ObservationReactiveAuthenticationManager.java:54)
*________________________________Mono.flatMap ⇢ at
org.springframework.security.web.server.authentication.AuthenticationWebFilter.authenticate(AuthenticationWebFilter.java:122)
|_ Mono.switchIfEmpty ⇢ at
org.springframework.security.web.server.authentication.AuthenticationWebFilter.authenticate(AuthenticationWebFilter.java:123)
|_ Mono.flatMap ⇢ at
org.springframework.security.web.server.authentication.AuthenticationWebFilter.authenticate(AuthenticationWebFilter.java:125)
|_ Mono.doOnError ⇢ at
org.springframework.security.web.server.authentication.AuthenticationWebFilter.authenticate(AuthenticationWebFilter.java:127)
*________________________________Mono.flatMap ⇢ at
org.springframework.security.web.server.authentication.AuthenticationWebFilter.filter(AuthenticationWebFilter.java:115)
Original Stack Trace:
at
com.appsmith.server.authentication.handlers.ce.CustomFormLoginServiceCEImpl.findByUsername(CustomFormLoginServiceCEImpl.java:36)
at
org.springframework.security.authentication.UserDetailsRepositoryReactiveAuthenticationManager.retrieveUser(UserDetailsRepositoryReactiveAuthenticationManager.java:45)
at
org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager.authenticate(AbstractUserDetailsReactiveAuthenticationManager.java:104)
at
org.springframework.security.authentication.ObservationReactiveAuthenticationManager.lambda$authenticate$3(ObservationReactiveAuthenticationManager.java:58)
at
reactor.core.publisher.MonoDeferContextual.subscribe(MonoDeferContextual.java:47)
at
reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:76)
at
reactor.core.publisher.MonoFlatMap$FlatMapMain.onNext(MonoFlatMap.java:165)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:59)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onNext(FluxHide.java:137)
at
reactor.core.publisher.Operators$ScalarSubscription.request(Operators.java:2571)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.request(FluxHide.java:152)
at
reactor.core.publisher.MonoFlatMap$FlatMapMain.request(MonoFlatMap.java:194)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.request(FluxHide.java:152)
at
reactor.core.publisher.Operators$MultiSubscriptionSubscriber.set(Operators.java:2367)
at
reactor.core.publisher.Operators$MultiSubscriptionSubscriber.onSubscribe(Operators.java:2241)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onSubscribe(MDCConfig.java:53)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onSubscribe(FluxHide.java:122)
at
reactor.core.publisher.MonoFlatMap$FlatMapMain.onSubscribe(MonoFlatMap.java:117)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onSubscribe(MDCConfig.java:53)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onSubscribe(FluxHide.java:122)
		at reactor.core.publisher.MonoJust.subscribe(MonoJust.java:55)
at
reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:76)
at
reactor.core.publisher.MonoFlatMap$FlatMapMain.onNext(MonoFlatMap.java:165)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:59)
at
reactor.core.publisher.FluxSwitchIfEmpty$SwitchIfEmptySubscriber.onNext(FluxSwitchIfEmpty.java:74)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:59)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onNext(FluxHide.java:137)
at
reactor.core.publisher.MonoFlatMap$FlatMapMain.secondComplete(MonoFlatMap.java:245)
at
reactor.core.publisher.MonoFlatMap$FlatMapInner.onNext(MonoFlatMap.java:305)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:59)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onNext(FluxHide.java:137)
at
reactor.core.publisher.FluxMapFuseable$MapFuseableSubscriber.onNext(FluxMapFuseable.java:129)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:59)
at
reactor.core.publisher.Operators$MonoSubscriber.complete(Operators.java:1865)
at
reactor.core.publisher.MonoCacheTime.subscribeOrReturn(MonoCacheTime.java:151)
at
reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:63)
at
reactor.core.publisher.MonoFlatMap$FlatMapMain.onNext(MonoFlatMap.java:165)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:59)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onNext(FluxHide.java:137)
at
reactor.core.publisher.FluxFilterFuseable$FilterFuseableSubscriber.onNext(FluxFilterFuseable.java:118)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:59)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onNext(FluxHide.java:137)
at
reactor.core.publisher.FluxPeekFuseable$PeekFuseableSubscriber.onNext(FluxPeekFuseable.java:210)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:59)
at
reactor.core.publisher.FluxSwitchIfEmpty$SwitchIfEmptySubscriber.onNext(FluxSwitchIfEmpty.java:74)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:59)
at
reactor.core.publisher.MonoNext$NextSubscriber.onNext(MonoNext.java:82)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:59)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onNext(FluxHide.java:137)
at
reactor.core.publisher.FluxFilterFuseable$FilterFuseableSubscriber.onNext(FluxFilterFuseable.java:118)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:59)
at
reactor.core.publisher.FluxFlatMap$FlatMapMain.tryEmit(FluxFlatMap.java:547)
at
reactor.core.publisher.FluxFlatMap$FlatMapInner.onNext(FluxFlatMap.java:988)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:59)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onNext(FluxHide.java:137)
at
reactor.core.publisher.Operators$ScalarSubscription.request(Operators.java:2571)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.request(FluxHide.java:152)
at
reactor.core.publisher.FluxFlatMap$FlatMapInner.onSubscribe(FluxFlatMap.java:968)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onSubscribe(MDCConfig.java:53)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onSubscribe(FluxHide.java:122)
		at reactor.core.publisher.MonoJust.subscribe(MonoJust.java:55)
		at reactor.core.publisher.Mono.subscribe(Mono.java:4576)
at
reactor.core.publisher.FluxFlatMap$FlatMapMain.onNext(FluxFlatMap.java:430)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:59)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onNext(FluxHide.java:137)
at
reactor.core.publisher.FluxPeekFuseable$PeekFuseableSubscriber.onNext(FluxPeekFuseable.java:210)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:59)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onNext(FluxHide.java:137)
at
reactor.core.publisher.FluxIterable$IterableSubscription.slowPath(FluxIterable.java:335)
at
reactor.core.publisher.FluxIterable$IterableSubscription.request(FluxIterable.java:294)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.request(FluxHide.java:152)
at
reactor.core.publisher.FluxPeekFuseable$PeekFuseableSubscriber.request(FluxPeekFuseable.java:144)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.request(FluxHide.java:152)
at
reactor.core.publisher.FluxFlatMap$FlatMapMain.onSubscribe(FluxFlatMap.java:373)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onSubscribe(MDCConfig.java:53)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onSubscribe(FluxHide.java:122)
at
reactor.core.publisher.FluxPeekFuseable$PeekFuseableSubscriber.onSubscribe(FluxPeekFuseable.java:178)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onSubscribe(MDCConfig.java:53)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onSubscribe(FluxHide.java:122)
at reactor.core.publisher.FluxIterable.subscribe(FluxIterable.java:201)
		at reactor.core.publisher.FluxIterable.subscribe(FluxIterable.java:83)
at
reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:76)
		at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:53)
at
reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:76)
at
reactor.core.publisher.MonoFlatMap$FlatMapMain.onNext(MonoFlatMap.java:165)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:59)
at
reactor.core.publisher.Operators$BaseFluxToMonoOperator.completePossiblyEmpty(Operators.java:2097)
at
reactor.core.publisher.FluxDefaultIfEmpty$DefaultIfEmptySubscriber.onComplete(FluxDefaultIfEmpty.java:134)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onComplete(MDCConfig.java:69)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onComplete(FluxHide.java:147)
at
reactor.core.publisher.FluxHandleFuseable$HandleFuseableSubscriber.onComplete(FluxHandleFuseable.java:239)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onComplete(MDCConfig.java:69)
at
reactor.core.publisher.Operators$MonoSubscriber.complete(Operators.java:1866)
at
reactor.core.publisher.MonoCacheTime$CoordinatorSubscriber.signalCached(MonoCacheTime.java:337)
at
reactor.core.publisher.MonoCacheTime$CoordinatorSubscriber.onNext(MonoCacheTime.java:354)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:59)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onNext(FluxHide.java:137)
at
reactor.core.publisher.Operators$ScalarSubscription.request(Operators.java:2571)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.request(FluxHide.java:152)
at
reactor.core.publisher.MonoCacheTime$CoordinatorSubscriber.onSubscribe(MonoCacheTime.java:293)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onSubscribe(MDCConfig.java:53)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onSubscribe(FluxHide.java:122)
		at reactor.core.publisher.MonoJust.subscribe(MonoJust.java:55)
at
reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:76)
at
reactor.core.publisher.MonoCacheTime.subscribeOrReturn(MonoCacheTime.java:143)
at
reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:63)
		at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:53)
		at reactor.core.publisher.Mono.subscribe(Mono.java:4576)
at
reactor.core.publisher.MonoIgnoreThen$ThenIgnoreMain.subscribeNext(MonoIgnoreThen.java:265)
at
reactor.core.publisher.MonoIgnoreThen.subscribe(MonoIgnoreThen.java:51)
		at reactor.core.publisher.Mono.subscribe(Mono.java:4576)
at
reactor.core.publisher.FluxSwitchIfEmpty$SwitchIfEmptySubscriber.onComplete(FluxSwitchIfEmpty.java:82)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onComplete(MDCConfig.java:69)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onComplete(FluxHide.java:147)
at
reactor.core.publisher.MonoFlatMap$FlatMapMain.onComplete(MonoFlatMap.java:189)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onComplete(MDCConfig.java:69)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onComplete(FluxHide.java:147)
at
reactor.core.publisher.FluxMapFuseable$MapFuseableSubscriber.onComplete(FluxMapFuseable.java:152)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onComplete(MDCConfig.java:69)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onComplete(FluxHide.java:147)
at
reactor.core.publisher.FluxMapFuseable$MapFuseableSubscriber.onComplete(FluxMapFuseable.java:152)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onComplete(MDCConfig.java:69)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onComplete(FluxHide.java:147)
at
reactor.core.publisher.FluxMapFuseable$MapFuseableSubscriber.onComplete(FluxMapFuseable.java:152)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onComplete(MDCConfig.java:69)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onComplete(FluxHide.java:147)
at
reactor.core.publisher.FluxFilterFuseable$FilterFuseableSubscriber.onComplete(FluxFilterFuseable.java:171)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onComplete(MDCConfig.java:69)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onComplete(FluxHide.java:147)
at
reactor.core.publisher.FluxPeekFuseable$PeekFuseableSubscriber.onComplete(FluxPeekFuseable.java:277)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onComplete(MDCConfig.java:69)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onComplete(FluxHide.java:147)
at
reactor.core.publisher.Operators$ScalarSubscription.request(Operators.java:2573)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.request(FluxHide.java:152)
at
reactor.core.publisher.FluxPeekFuseable$PeekFuseableSubscriber.request(FluxPeekFuseable.java:144)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.request(FluxHide.java:152)
at
reactor.core.publisher.FluxFilterFuseable$FilterFuseableSubscriber.request(FluxFilterFuseable.java:191)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.request(FluxHide.java:152)
at
reactor.core.publisher.FluxMapFuseable$MapFuseableSubscriber.request(FluxMapFuseable.java:171)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.request(FluxHide.java:152)
at
reactor.core.publisher.FluxMapFuseable$MapFuseableSubscriber.request(FluxMapFuseable.java:171)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.request(FluxHide.java:152)
at
reactor.core.publisher.FluxMapFuseable$MapFuseableSubscriber.request(FluxMapFuseable.java:171)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.request(FluxHide.java:152)
at
reactor.core.publisher.MonoFlatMap$FlatMapMain.request(MonoFlatMap.java:194)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.request(FluxHide.java:152)
at
reactor.core.publisher.Operators$MultiSubscriptionSubscriber.set(Operators.java:2367)
at
reactor.core.publisher.Operators$MultiSubscriptionSubscriber.onSubscribe(Operators.java:2241)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onSubscribe(MDCConfig.java:53)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onSubscribe(FluxHide.java:122)
at
reactor.core.publisher.MonoFlatMap$FlatMapMain.onSubscribe(MonoFlatMap.java:117)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onSubscribe(MDCConfig.java:53)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onSubscribe(FluxHide.java:122)
at
reactor.core.publisher.FluxMapFuseable$MapFuseableSubscriber.onSubscribe(FluxMapFuseable.java:96)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onSubscribe(MDCConfig.java:53)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onSubscribe(FluxHide.java:122)
at
reactor.core.publisher.FluxMapFuseable$MapFuseableSubscriber.onSubscribe(FluxMapFuseable.java:96)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onSubscribe(MDCConfig.java:53)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onSubscribe(FluxHide.java:122)
at
reactor.core.publisher.FluxMapFuseable$MapFuseableSubscriber.onSubscribe(FluxMapFuseable.java:96)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onSubscribe(MDCConfig.java:53)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onSubscribe(FluxHide.java:122)
at
reactor.core.publisher.FluxFilterFuseable$FilterFuseableSubscriber.onSubscribe(FluxFilterFuseable.java:87)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onSubscribe(MDCConfig.java:53)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onSubscribe(FluxHide.java:122)
at
reactor.core.publisher.FluxPeekFuseable$PeekFuseableSubscriber.onSubscribe(FluxPeekFuseable.java:178)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onSubscribe(MDCConfig.java:53)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onSubscribe(FluxHide.java:122)
		at reactor.core.publisher.MonoJust.subscribe(MonoJust.java:55)
at
reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:76)
		at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:53)
		at reactor.core.publisher.Mono.subscribe(Mono.java:4576)
at
reactor.core.publisher.MonoIgnoreThen$ThenIgnoreMain.subscribeNext(MonoIgnoreThen.java:265)
at
reactor.core.publisher.MonoIgnoreThen.subscribe(MonoIgnoreThen.java:51)
		at reactor.core.publisher.Mono.subscribe(Mono.java:4576)
at
reactor.core.publisher.FluxSwitchIfEmpty$SwitchIfEmptySubscriber.onComplete(FluxSwitchIfEmpty.java:82)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onComplete(MDCConfig.java:69)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onComplete(FluxHide.java:147)
at
reactor.core.publisher.MonoFlatMap$FlatMapMain.onNext(MonoFlatMap.java:155)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:59)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onNext(FluxHide.java:137)
at
reactor.core.publisher.FluxFilterFuseable$FilterFuseableSubscriber.onNext(FluxFilterFuseable.java:118)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:59)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onNext(FluxHide.java:137)
at
reactor.core.publisher.Operators$ScalarSubscription.request(Operators.java:2571)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.request(FluxHide.java:152)
at
reactor.core.publisher.FluxFilterFuseable$FilterFuseableSubscriber.request(FluxFilterFuseable.java:191)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.request(FluxHide.java:152)
at
reactor.core.publisher.MonoFlatMap$FlatMapMain.request(MonoFlatMap.java:194)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.request(FluxHide.java:152)
at
reactor.core.publisher.Operators$MultiSubscriptionSubscriber.set(Operators.java:2367)
at
reactor.core.publisher.Operators$MultiSubscriptionSubscriber.onSubscribe(Operators.java:2241)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onSubscribe(MDCConfig.java:53)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onSubscribe(FluxHide.java:122)
at
reactor.core.publisher.MonoFlatMap$FlatMapMain.onSubscribe(MonoFlatMap.java:117)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onSubscribe(MDCConfig.java:53)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onSubscribe(FluxHide.java:122)
at
reactor.core.publisher.FluxFilterFuseable$FilterFuseableSubscriber.onSubscribe(FluxFilterFuseable.java:87)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onSubscribe(MDCConfig.java:53)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onSubscribe(FluxHide.java:122)
		at reactor.core.publisher.MonoJust.subscribe(MonoJust.java:55)
at
reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:76)
		at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:53)
at
reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:76)
		at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:53)
at
reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:76)
		at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:53)
at
reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:76)
		at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:53)
at
reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:76)
		at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:53)
at
reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:76)
at
reactor.core.publisher.MonoDeferContextual.subscribe(MonoDeferContextual.java:55)
at
reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:76)
		at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:53)
at
reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:76)
at
reactor.core.publisher.MonoFlatMap$FlatMapMain.onNext(MonoFlatMap.java:165)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:59)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onNext(FluxHide.java:137)
at
reactor.core.publisher.FluxMapFuseable$MapFuseableSubscriber.onNext(FluxMapFuseable.java:129)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:59)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onNext(FluxHide.java:137)
at
reactor.core.publisher.MonoFlatMap$FlatMapMain.secondComplete(MonoFlatMap.java:245)
at
reactor.core.publisher.MonoFlatMap$FlatMapInner.onNext(MonoFlatMap.java:305)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:59)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onNext(FluxHide.java:137)
at
reactor.core.publisher.Operators$BaseFluxToMonoOperator.completePossiblyEmpty(Operators.java:2097)
at
reactor.core.publisher.MonoCollectList$MonoCollectListSubscriber.onComplete(MonoCollectList.java:118)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onComplete(MDCConfig.java:69)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onComplete(FluxHide.java:147)
at
reactor.core.publisher.FluxIterable$IterableSubscription.fastPath(FluxIterable.java:424)
at
reactor.core.publisher.FluxIterable$IterableSubscription.request(FluxIterable.java:291)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.request(FluxHide.java:152)
at
reactor.core.publisher.Operators$BaseFluxToMonoOperator.request(Operators.java:2067)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.request(FluxHide.java:152)
at
reactor.core.publisher.MonoFlatMap$FlatMapInner.onSubscribe(MonoFlatMap.java:291)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onSubscribe(MDCConfig.java:53)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onSubscribe(FluxHide.java:122)
at
reactor.core.publisher.Operators$BaseFluxToMonoOperator.onSubscribe(Operators.java:2051)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onSubscribe(MDCConfig.java:53)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onSubscribe(FluxHide.java:122)
at reactor.core.publisher.FluxIterable.subscribe(FluxIterable.java:201)
		at reactor.core.publisher.FluxIterable.subscribe(FluxIterable.java:83)
at
reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:76)
at
reactor.core.publisher.MonoFlatMap$FlatMapMain.onNext(MonoFlatMap.java:165)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:59)
at
reactor.core.publisher.FluxSwitchIfEmpty$SwitchIfEmptySubscriber.onNext(FluxSwitchIfEmpty.java:74)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:59)
at
reactor.core.publisher.MonoNext$NextSubscriber.onNext(MonoNext.java:82)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:59)
at
reactor.core.publisher.FluxFilterWhen$FluxFilterWhenSubscriber.drain(FluxFilterWhen.java:302)
at
reactor.core.publisher.FluxFilterWhen$FluxFilterWhenSubscriber.onNext(FluxFilterWhen.java:140)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:59)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onNext(FluxHide.java:137)
at
reactor.core.publisher.FluxIterable$IterableSubscription.slowPath(FluxIterable.java:335)
at
reactor.core.publisher.FluxIterable$IterableSubscription.request(FluxIterable.java:294)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.request(FluxHide.java:152)
at
reactor.core.publisher.FluxFilterWhen$FluxFilterWhenSubscriber.onSubscribe(FluxFilterWhen.java:200)
at
com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onSubscribe(MDCConfig.java:53)
at
reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onSubscribe(FluxHide.java:122)
at reactor.core.publisher.FluxIterable.subscribe(FluxIterable.java:201)
		at reactor.core.publisher.FluxIterable.subscribe(FluxIterable.java:83)
at
reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:76)
		at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:53)
at
reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:76)
		at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:53)
		at reactor.core.publisher.Mono.subscribe(Mono.java:4576)
at
reactor.core.publisher.MonoIgnoreThen$ThenIgnoreMain.subscribeNext(MonoIgnoreThen.java:265)
at
reactor.core.publisher.MonoIgnoreThen.subscribe(MonoIgnoreThen.java:51)
		at reactor.core.publisher.Mono.subscribe(Mono.java:4576)
at
reactor.core.publisher.MonoIgnoreThen$ThenIgnoreMain.subscribeNext(MonoIgnoreThen.java:265)
at
reactor.core.publisher.MonoIgnoreThen.subscribe(MonoIgnoreThen.java:51)
at
reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:76)
at
reactor.core.publisher.MonoDeferContextual.subscribe(MonoDeferContextual.java:55)
at
reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:76)
at
reactor.netty.http.server.HttpServer$HttpServerHandle.onStateChange(HttpServer.java:1176)
at
reactor.netty.ReactorNetty$CompositeConnectionObserver.onStateChange(ReactorNetty.java:715)
at
reactor.netty.transport.ServerTransport$ChildObserver.onStateChange(ServerTransport.java:481)
at
reactor.netty.http.server.HttpServerOperations.handleDefaultHttpRequest(HttpServerOperations.java:829)
at
reactor.netty.http.server.HttpServerOperations.onInboundNext(HttpServerOperations.java:774)
at
reactor.netty.channel.ChannelOperationsHandler.channelRead(ChannelOperationsHandler.java:115)
at
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444)
at
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
at
io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
at
reactor.netty.http.server.HttpTrafficHandler.channelRead(HttpTrafficHandler.java:262)
at
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:442)
at
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
at
io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
at
io.netty.channel.CombinedChannelDuplexHandler$DelegatingChannelHandlerContext.fireChannelRead(CombinedChannelDuplexHandler.java:436)
at
io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:346)
at
io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:333)
at
io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:455)
at
io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290)
at
io.netty.channel.CombinedChannelDuplexHandler.channelRead(CombinedChannelDuplexHandler.java:251)
at
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:442)
at
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
at
io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
at
io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1407)
at
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440)
at
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
at
io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:918)
at
io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166)
at
io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:788)
at
io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:724)
at
io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:650)
		at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:562)
at
io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:994)
at
io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
at
io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
		at java.base/java.lang.Thread.run(Thread.java:833)
</pre>
</details>

In this PR, we're changing the matcher for the login endpoint to check
for the `Content-Type` explicitly. With this, the server doesn't log any
error, and responds with a `401 Unauthorized`.


## Automation

/test sanity authentication

### :mag: Cypress test results
<!-- This is an auto-generated comment: Cypress test results  -->
> [!TIP]
> 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉
> Workflow run:
<https://github.com/appsmithorg/appsmith/actions/runs/11853152657>
> Commit: 3a4620d
> <a
href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=11853152657&attempt=1"
target="_blank">Cypress dashboard</a>.
> Tags: `@tag.Sanity, @tag.Authentication`
> Spec:
> <hr>Fri, 15 Nov 2024 09:25:59 UTC
<!-- end of auto-generated comment: Cypress test results  -->


## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [x] No


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

- **New Features**
- Enhanced authentication mechanism for the login process, improving
request validation.
  
- **Bug Fixes**
- Refined matching logic for authentication requests to ensure better
security compliance.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@mohanarpit mohanarpit mohanarpit approved these changes

@nidhi-nair nidhi-nair Awaiting requested review from nidhi-nair

@trishaanand trishaanand Awaiting requested review from trishaanand

@abhvsn abhvsn Awaiting requested review from abhvsn

Assignees

No one assigned

Labels

ok-to-test Required label for CI skip-changelog Adding this label to a PR prevents it from being listed in the changelog

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sharat87 @mohanarpit