Farooq Ayoade created FINERACT-2511:
---------------------------------------
Summary: Invalid dateFormat on client create returns HTTP 500
instead of 400 Bad Request
Key: FINERACT-2511
URL: https://issues.apache.org/jira/browse/FINERACT-2511
Project: Apache Fineract
Issue Type: Bug
Components: Client
Reporter: Farooq Ayoade
When creating a client via {{POST /fineract-provider/api/v1/clients}} with an
invalid or unsupported {{dateFormat}} value, the API returns *HTTP 500 Internal
Server Error* instead of *HTTP 400 Bad Request* with a clear validation error.
h3. Steps to Reproduce
# Call the Create Client API with a request body that uses an invalid
{{dateFormat}} (e.g. a literal date string instead of a pattern):
{
"officeId": 1,
"firstname": "John",
"lastname": "Doe",
"externalId": "EXT-124tyyy",
"locale": "en",
"dateFormat": "02 February 2026"
}
# Observe the response: *500 Internal Server Error* with a generic error
payload.
h3. Expected Behavior
* The API should return *HTTP 400 Bad Request* with a validation error
indicating that {{dateFormat}} is invalid.
* Response body should follow the standard Fineract validation error format
(e.g. {{ApiGlobalErrorResponse}} with {{errors}} containing a parameter error
for {{{}dateFormat{}}}).
* Example message: _"Invalid dateFormat: `02 February 2026`. Use a valid Java
date/time pattern (e.g. dd MMMM yyyy)."_
h3. Actual Behavior
* *HTTP 500 Internal Server Error* is returned.
* Server log shows: {{java.lang.IllegalArgumentException: Unknown pattern
letter: b}}
* Stack trace points to:
{{ClientWritePlatformServiceJpaRepositoryImpl.createClient}} (line 309):
{{DateTimeFormatter.ofPattern(command.dateFormat()).withLocale(locale)}}
* The {{dateFormat}} value {{"02 February 2026"}} is a sample date, not a
pattern. When used as a pattern, the letter {{b}} (in "February") is not a
valid {{DateTimeFormatter}} pattern letter, causing the exception.
h3. Root Cause
* The {{dateFormat}} request parameter is *not validated* before use. It is
passed through to {{DateTimeFormatter.ofPattern(...)}} inside the client write
service.
* When the pattern is invalid, {{DateTimeFormatter.ofPattern()}} throws
{{{}IllegalArgumentException{}}}, which is not translated to a validation (400)
response. It is handled by the default exception mapper and returned as 500.
h3. Affected Code Paths
** *Primary:*
{{org.apache.fineract.portfolio.client.service.ClientWritePlatformServiceJpaRepositoryImpl#createClient}}
(line 309), and similarly line 716 (update flow).
** *Related:* {{ClientChargeWritePlatformServiceImpl}} also uses
{{DateTimeFormatter.ofPattern(command.dateFormat())}} without prior validation
(lines 99, 139).
** *Validation gap:* {{ClientDataValidator#validateForCreate}} does not
validate that {{dateFormat}} (when present) is a valid Java date/time pattern.
h3. Impact
** Poor API contract: client errors (invalid input) are reported as server
errors (500).
** Confusing for API consumers and harder to debug.
** Inconsistent with other validation errors (e.g. invalid locale, missing
required fields) which correctly return 400.
h2. Acceptance Criteria
*** When {{dateFormat}} is present in the request and is not a valid
{{DateTimeFormatter}} pattern, the API returns {*}HTTP 400 Bad Request{*}.
*** The response body is a standard Fineract validation error (e.g.
{{PlatformApiDataValidationException}} → {{{}ApiGlobalErrorResponse{}}}) with a
clear message for the {{dateFormat}} parameter.
*** Valid {{dateFormat}} values (e.g. {{{}dd MMMM yyyy{}}},
{{{}yyyy-MM-dd{}}}) continue to work as before.
*** Fix applies to client create (and ideally client update and other
endpoints that accept {{dateFormat}} where applicable).
*** No regression: existing tests pass; new test(s) cover invalid
{{dateFormat}} → 400.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
