[
https://issues.apache.org/jira/browse/FINERACT-2511?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Farooq Ayoade updated FINERACT-2511:
------------------------------------
Priority: Minor (was: Major)
> Invalid dateFormat on client create returns HTTP 500 instead of 400 Bad
> Request
> -------------------------------------------------------------------------------
>
> Key: FINERACT-2511
> URL: https://issues.apache.org/jira/browse/FINERACT-2511
> Project: Apache Fineract
> Issue Type: Bug
> Components: Client
> Reporter: Farooq Ayoade
> Priority: Minor
>
> When creating a client via {{POST /fineract-provider/api/v1/clients}} with an
> invalid or unsupported {{dateFormat}} value, the API returns *HTTP 500
> Internal Server Error* instead of *HTTP 400 Bad Request* with a clear
> validation error.
> h3. Steps to Reproduce
> # Call the Create Client API with a request body that uses an invalid
> {{dateFormat}} (e.g. a literal date string instead of a pattern):
> {
> "officeId": 1,
> "firstname": "John",
> "lastname": "Doe",
> "externalId": "EXT-124tyyy",
> "locale": "en",
> "dateFormat": "02 February 2026"
> }
> # Observe the response: *500 Internal Server Error* with a generic error
> payload.
> h3. Expected Behavior
> * The API should return *HTTP 400 Bad Request* with a validation error
> indicating that {{dateFormat}} is invalid.
> * Response body should follow the standard Fineract validation error format
> (e.g. {{ApiGlobalErrorResponse}} with {{errors}} containing a parameter error
> for {{{}dateFormat{}}}).
> * Example message: _"Invalid dateFormat: `02 February 2026`. Use a valid
> Java date/time pattern (e.g. dd MMMM yyyy)."_
> h3. Actual Behavior
> * *HTTP 500 Internal Server Error* is returned.
> * Server log shows: {{java.lang.IllegalArgumentException: Unknown pattern
> letter: b}}
> * Stack trace points to:
> {{ClientWritePlatformServiceJpaRepositoryImpl.createClient}} (line 309):
> {{DateTimeFormatter.ofPattern(command.dateFormat()).withLocale(locale)}}
> * The {{dateFormat}} value {{"02 February 2026"}} is a sample date, not a
> pattern. When used as a pattern, the letter {{b}} (in "February") is not a
> valid {{DateTimeFormatter}} pattern letter, causing the exception.
> h3. Root Cause
> * The {{dateFormat}} request parameter is *not validated* before use. It is
> passed through to {{DateTimeFormatter.ofPattern(...)}} inside the client
> write service.
> * When the pattern is invalid, {{DateTimeFormatter.ofPattern()}} throws
> {{{}IllegalArgumentException{}}}, which is not translated to a validation
> (400) response. It is handled by the default exception mapper and returned as
> 500.
> h3. Affected Code Paths
> ** *Primary:*
> {{org.apache.fineract.portfolio.client.service.ClientWritePlatformServiceJpaRepositoryImpl#createClient}}
> (line 309), and similarly line 716 (update flow).
> ** *Related:* {{ClientChargeWritePlatformServiceImpl}} also uses
> {{DateTimeFormatter.ofPattern(command.dateFormat())}} without prior
> validation (lines 99, 139).
> ** *Validation gap:* {{ClientDataValidator#validateForCreate}} does not
> validate that {{dateFormat}} (when present) is a valid Java date/time pattern.
> h3. Impact
> ** Poor API contract: client errors (invalid input) are reported as server
> errors (500).
> ** Confusing for API consumers and harder to debug.
> ** Inconsistent with other validation errors (e.g. invalid locale, missing
> required fields) which correctly return 400.
> h2. Acceptance Criteria
> *** When {{dateFormat}} is present in the request and is not a valid
> {{DateTimeFormatter}} pattern, the API returns {*}HTTP 400 Bad Request{*}.
> *** The response body is a standard Fineract validation error (e.g.
> {{PlatformApiDataValidationException}} → {{{}ApiGlobalErrorResponse{}}}) with
> a clear message for the {{dateFormat}} parameter.
> *** Valid {{dateFormat}} values (e.g. {{{}dd MMMM yyyy{}}},
> {{{}yyyy-MM-dd{}}}) continue to work as before.
> *** Fix applies to client create (and ideally client update and other
> endpoints that accept {{dateFormat}} where applicable).
> *** No regression: existing tests pass; new test(s) cover invalid
> {{dateFormat}} → 400.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
