fix(core): Improve error handling in credential decryption and parsing (#12868)

2025-12-19 19:11:13 +00:00 · 2025-01-27 20:03:34 +01:00
parent f64c6bf9ac
commit 0c86bf2b37
3 changed files with 83 additions and 13 deletions
--- a/packages/core/src/credentials.ts
+++ b/packages/core/src/credentials.ts
@@ -2,8 +2,18 @@ import { Container } from '@n8n/di';
 import type { ICredentialDataDecryptedObject, ICredentialsEncrypted } from 'n8n-workflow';
 import { ApplicationError, ICredentials, jsonParse } from 'n8n-workflow';

+import { CREDENTIAL_ERRORS } from '@/constants';
 import { Cipher } from '@/encryption/cipher';

+class CredentialDataError extends ApplicationError {
+	constructor({ name, type, id }: Credentials<object>, message: string, cause?: unknown) {
+		super(message, {
+			extra: { name, type, id },
+			cause,
+		});
+	}
+}
+
 export class Credentials<
 	T extends object = ICredentialDataDecryptedObject,
 > extends ICredentials<T> {
@@ -21,17 +31,20 @@ export class Credentials<
 	 */
 	getData(): T {
 		if (this.data === undefined) {
-			throw new ApplicationError('No data is set so nothing can be returned.');
+			throw new CredentialDataError(this, CREDENTIAL_ERRORS.NO_DATA);
+		}
+
+		let decryptedData: string;
+		try {
+			decryptedData = this.cipher.decrypt(this.data);
+		} catch (cause) {
+			throw new CredentialDataError(this, CREDENTIAL_ERRORS.DECRYPTION_FAILED, cause);
 		}

 		try {
-			const decryptedData = this.cipher.decrypt(this.data);
-
 			return jsonParse(decryptedData);
-		} catch (e) {
-			throw new ApplicationError(
-				'Credentials could not be decrypted. The likely reason is that a different "encryptionKey" was used to encrypt the data.',
-			);
+		} catch (cause) {
+			throw new CredentialDataError(this, CREDENTIAL_ERRORS.INVALID_JSON, cause);
 		}
 	}