Description
Describe the issue:
Identity Server 5.11.0 gives invalid error codes when the database server is down.
When the CORS configuration is retrieved from within the CORS valve, a "CORSManagementServiceException" is thrown and is not properly handled at line (1). With this PR that error is handled properly and reported with an internal server error code.
The issue of sending 401 for basic auth requests is also fixed with this PR. The current implementation catches an "IdentityRuntimeException" (2) when the database is down and returns a 401; this is fixed to return a 500 instead. Also, in an exceptional scenario an "AuthenticationFailException" is caught (3) when the DB is down, because the user ID cannot be retrieved from the user store. For this, a new exception "AuthenticationFailServerException" is introduced and the error is handled as an internal server error.
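As an added illustration of the basic auth status-code mapping described above (this is not code from the Identity Server repository or from this PR), the following Java sketch puts the pre-fix handling next to the corrected handling. The exception classes, the `UserStore` interface, the `handleBefore`/`handleAfter` methods and the sample user are constructed stand-ins that only borrow the names used in the issue; the CORS valve path is not shown.

```java
import java.util.Map;

// Constructed stand-ins for the exception types named in the issue; they are not the
// Identity Server's real classes and only borrow the names.
class IdentityRuntimeException extends RuntimeException {
    IdentityRuntimeException(String message, Throwable cause) { super(message, cause); }
}

// Client-side failure: the presented credentials were checked and rejected.
class AuthenticationFailException extends Exception {
    AuthenticationFailException(String message) { super(message); }
    AuthenticationFailException(String message, Throwable cause) { super(message, cause); }
}

// Server-side failure: authentication could not be completed because a backend (here the
// user store database) was unavailable. A subclass, so existing catch blocks still compile
// while more specific catches can map it to 500.
class AuthenticationFailServerException extends AuthenticationFailException {
    AuthenticationFailServerException(String message, Throwable cause) { super(message, cause); }
}

public class BasicAuthStatusMapping {

    static final int OK = 200;
    static final int UNAUTHORIZED = 401;
    static final int INTERNAL_SERVER_ERROR = 500;

    // Hypothetical user store: resolveUserId returns null for an unknown user and throws
    // IdentityRuntimeException when the database cannot be reached.
    interface UserStore {
        String resolveUserId(String username);
        boolean checkPassword(String userId, String password);
    }

    // "Before": the pattern the issue describes. A database outage surfaces as an
    // IdentityRuntimeException (or as an AuthenticationFailException when the user ID
    // cannot be retrieved), and both paths end up as 401.
    static int handleBefore(UserStore store, String username, String password) {
        try {
            String userId = store.resolveUserId(username);
            if (userId == null) {
                throw new AuthenticationFailException("unable to resolve user ID for " + username);
            }
            return store.checkPassword(userId, password) ? OK : UNAUTHORIZED;
        } catch (IdentityRuntimeException e) {
            return UNAUTHORIZED;   // outage reported to the client as bad credentials
        } catch (AuthenticationFailException e) {
            return UNAUTHORIZED;
        }
    }

    // "After": a backend failure is wrapped in AuthenticationFailServerException and mapped
    // to 500, while a genuine credential rejection still gets 401.
    static int handleAfter(UserStore store, String username, String password) {
        try {
            String userId;
            try {
                userId = store.resolveUserId(username);
            } catch (IdentityRuntimeException e) {
                throw new AuthenticationFailServerException(
                        "user store unavailable while resolving " + username, e);
            }
            if (userId == null) {
                throw new AuthenticationFailException("unknown user " + username);
            }
            return store.checkPassword(userId, password) ? OK : UNAUTHORIZED;
        } catch (AuthenticationFailServerException e) {
            // Must precede the catch for its superclass, or javac rejects it as unreachable.
            return INTERNAL_SERVER_ERROR;
        } catch (AuthenticationFailException e) {
            return UNAUTHORIZED;
        } catch (IdentityRuntimeException e) {
            return INTERNAL_SERVER_ERROR;   // e.g. the outage hits during the password check
        }
    }

    public static void main(String[] args) {
        boolean[] databaseDown = {false};                        // toggled to simulate the outage
        Map<String, String> userIds = Map.of("alice", "uid-1");  // constructed sample data
        UserStore store = new UserStore() {
            public String resolveUserId(String username) {
                if (databaseDown[0]) throw new IdentityRuntimeException("JDBC connection refused", null);
                return userIds.get(username);
            }
            public boolean checkPassword(String userId, String password) {
                if (databaseDown[0]) throw new IdentityRuntimeException("JDBC connection refused", null);
                return "uid-1".equals(userId) && "correct-horse".equals(password);
            }
        };

        System.out.println("db up, good credentials: before=" + handleBefore(store, "alice", "correct-horse")
                + " after=" + handleAfter(store, "alice", "correct-horse"));
        System.out.println("db up, bad credentials:  before=" + handleBefore(store, "alice", "wrong")
                + " after=" + handleAfter(store, "alice", "wrong"));
        databaseDown[0] = true;
        System.out.println("db down:                 before=" + handleBefore(store, "alice", "correct-horse")
                + " after=" + handleAfter(store, "alice", "correct-horse"));
    }
}
```

Compile and run with `javac BasicAuthStatusMapping.java && java BasicAuthStatusMapping`. The distinction matters operationally: a 401 during an outage is indistinguishable, to clients and to monitoring, from a genuine credential failure, so callers may treat it as a lockout and alerting never sees an availability incident; a 500 lets load balancers, health checks and dashboards classify the failure correctly.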
How to reproduce:
- Set up an updated Identity Server 5.11. Start the server and take the database server offline. Then send a token request and observe that the response is a 200 OK with an empty body.
- Set up an updated Identity Server 5.11. Start the server and take the database server offline. Then send a basic auth request and observe that the response is a 401.
Expected behavior:
Since this is an exceptional case where the database server is offline, an internal server error code (500) should be returned.
Environment information (Please complete the following information; remove any unnecessary fields):
- Product Version: 5.11.0
- OS: Mac
- Database: MySQL, Postgres
- Userstore: JDBC