fix: prevent expected auth errors from being reported to Sentry (#7215)

Co-authored-by: Cursor <cursoragent@cursor.com>

apps/web/app/(app)/environments/[environmentId]/actions.ts

@@ -2,7 +2,7 @@
 
 import { z } from "zod";
 import { ZId } from "@formbricks/types/common";
-import { OperationNotAllowedError } from "@formbricks/types/errors";
+import { AuthorizationError, OperationNotAllowedError } from "@formbricks/types/errors";
 import { ZProjectUpdateInput } from "@formbricks/types/project";
 import { getMembershipByUserIdOrganizationId } from "@/lib/membership/service";
 import { getOrganization } from "@/lib/organization/service";
@@ -138,7 +138,7 @@ export const getProjectsForSwitcherAction = authenticatedActionClient
     // Need membership for getProjectsByUserId (1 DB query)
     const membership = await getMembershipByUserIdOrganizationId(ctx.user.id, parsedInput.organizationId);
     if (!membership) {
-      throw new Error("Membership not found");
+      throw new AuthorizationError("Membership not found");
     }
 
     return await getProjectsByUserId(ctx.user.id, membership);

apps/web/app/error.tsx

@@ -3,8 +3,9 @@
 // Error components must be Client components
 import * as Sentry from "@sentry/nextjs";
 import { TFunction } from "i18next";
+import { useEffect } from "react";
 import { useTranslation } from "react-i18next";
-import { type ClientErrorType, getClientErrorData } from "@formbricks/types/errors";
+import { type ClientErrorType, getClientErrorData, isExpectedError } from "@formbricks/types/errors";
 import { Button } from "@/modules/ui/components/button";
 import { ErrorComponent } from "@/modules/ui/components/error-component";
 
@@ -30,11 +31,13 @@ const ErrorBoundary = ({ error, reset }: { error: Error; reset: () => void }) =>
   const errorData = getClientErrorData(error);
   const { title, description } = getErrorMessages(errorData.type, t);
 
-  if (process.env.NODE_ENV === "development") {
-    console.error(error.message);
-  } else {
-    Sentry.captureException(error);
-  }
+  useEffect(() => {
+    if (process.env.NODE_ENV === "development") {
+      console.error(error.message);
+    } else if (!isExpectedError(error)) {
+      Sentry.captureException(error);
+    }
+  }, [error]);
 
   return (
     <div className="flex h-full w-full flex-col items-center justify-center">

apps/web/lib/utils/action-client/index.test.ts

@@ -0,0 +1,261 @@
+import * as Sentry from "@sentry/nextjs";
+import { getServerSession } from "next-auth";
+import { DEFAULT_SERVER_ERROR_MESSAGE } from "next-safe-action";
+import { afterEach, beforeEach, describe, expect, test, vi } from "vitest";
+import {
+  AuthenticationError,
+  AuthorizationError,
+  EXPECTED_ERROR_NAMES,
+  InvalidInputError,
+  OperationNotAllowedError,
+  ResourceNotFoundError,
+  TooManyRequestsError,
+  UnknownError,
+  ValidationError,
+  isExpectedError,
+} from "@formbricks/types/errors";
+
+// Mock Sentry
+vi.mock("@sentry/nextjs", () => ({
+  captureException: vi.fn(),
+}));
+
+// Mock logger — use plain functions for chained calls so vi.resetAllMocks() doesn't break them
+vi.mock("@formbricks/logger", () => ({
+  logger: {
+    withContext: () => ({ error: vi.fn() }),
+    warn: vi.fn(),
+  },
+}));
+
+// Mock next-auth
+vi.mock("next-auth", () => ({
+  getServerSession: vi.fn(),
+}));
+
+// Mock authOptions
+vi.mock("@/modules/auth/lib/authOptions", () => ({
+  authOptions: {},
+}));
+
+// Mock user service
+vi.mock("@/lib/user/service", () => ({
+  getUser: vi.fn(),
+}));
+
+// Mock client IP
+vi.mock("@/lib/utils/client-ip", () => ({
+  getClientIpFromHeaders: vi.fn(),
+}));
+
+// Mock constants
+vi.mock("@/lib/constants", () => ({
+  AUDIT_LOG_ENABLED: false,
+  AUDIT_LOG_GET_USER_IP: false,
+}));
+
+// Mock audit log types
+vi.mock("@/modules/ee/audit-logs/types/audit-log", () => ({
+  UNKNOWN_DATA: "unknown",
+}));
+
+// ── shared helper tests (pure logic, no action client needed) ──────────
+
+describe("isExpectedError (shared helper)", () => {
+  test("EXPECTED_ERROR_NAMES contains exactly the right error names", () => {
+    const expected = [
+      "ResourceNotFoundError",
+      "AuthorizationError",
+      "InvalidInputError",
+      "ValidationError",
+      "AuthenticationError",
+      "OperationNotAllowedError",
+      "TooManyRequestsError",
+    ];
+
+    expect(EXPECTED_ERROR_NAMES.size).toBe(expected.length);
+    for (const name of expected) {
+      expect(EXPECTED_ERROR_NAMES.has(name)).toBe(true);
+    }
+  });
+
+  test.each([
+    { ErrorClass: AuthorizationError, args: ["Not authorized"] },
+    { ErrorClass: AuthenticationError, args: ["Not authenticated"] },
+    { ErrorClass: TooManyRequestsError, args: ["Rate limit exceeded"] },
+    { ErrorClass: ResourceNotFoundError, args: ["Survey", "123"] },
+    { ErrorClass: InvalidInputError, args: ["Invalid input"] },
+    { ErrorClass: ValidationError, args: ["Invalid data"] },
+    { ErrorClass: OperationNotAllowedError, args: ["Not allowed"] },
+  ])("returns true for $ErrorClass.name", ({ ErrorClass, args }) => {
+    const error = new (ErrorClass as any)(...args);
+    expect(isExpectedError(error)).toBe(true);
+  });
+
+  test("returns true for serialised errors that only have a matching name", () => {
+    const serialisedError = new Error("Auth failed");
+    serialisedError.name = "AuthorizationError";
+    expect(isExpectedError(serialisedError)).toBe(true);
+  });
+
+  test.each([
+    { error: new Error("Something broke"), label: "Error" },
+    { error: new TypeError("Cannot read properties"), label: "TypeError" },
+    { error: new RangeError("Maximum call stack"), label: "RangeError" },
+    { error: new UnknownError("Unknown"), label: "UnknownError" },
+  ])("returns false for $label", ({ error }) => {
+    expect(isExpectedError(error)).toBe(false);
+  });
+});
+
+// ── integration tests against the real actionClient / authenticatedActionClient ──
+
+describe("actionClient handleServerError", () => {
+  // Lazily import so mocks are in place first
+  let actionClient: (typeof import("./index"))["actionClient"];
+
+  beforeEach(async () => {
+    vi.clearAllMocks();
+    const mod = await import("./index");
+    actionClient = mod.actionClient;
+  });
+
+  afterEach(() => {
+    vi.clearAllMocks();
+  });
+
+  // Helper: create and execute an action that throws the given error
+  const executeThrowingAction = async (error: Error) => {
+    const action = actionClient.action(async () => {
+      throw error;
+    });
+    return action();
+  };
+
+  describe("expected errors should NOT be reported to Sentry", () => {
+    test("AuthorizationError returns its message and is not sent to Sentry", async () => {
+      const result = await executeThrowingAction(new AuthorizationError("Not authorized"));
+      expect(result?.serverError).toBe("Not authorized");
+      expect(Sentry.captureException).not.toHaveBeenCalled();
+    });
+
+    test("AuthenticationError returns its message and is not sent to Sentry", async () => {
+      const result = await executeThrowingAction(new AuthenticationError("Not authenticated"));
+      expect(result?.serverError).toBe("Not authenticated");
+      expect(Sentry.captureException).not.toHaveBeenCalled();
+    });
+
+    test("TooManyRequestsError returns its message and is not sent to Sentry", async () => {
+      const result = await executeThrowingAction(new TooManyRequestsError("Rate limit exceeded"));
+      expect(result?.serverError).toBe("Rate limit exceeded");
+      expect(Sentry.captureException).not.toHaveBeenCalled();
+    });
+
+    test("ResourceNotFoundError returns its message and is not sent to Sentry", async () => {
+      const result = await executeThrowingAction(new ResourceNotFoundError("Survey", "123"));
+      expect(result?.serverError).toContain("Survey");
+      expect(Sentry.captureException).not.toHaveBeenCalled();
+    });
+
+    test("InvalidInputError returns its message and is not sent to Sentry", async () => {
+      const result = await executeThrowingAction(new InvalidInputError("Invalid input"));
+      expect(result?.serverError).toBe("Invalid input");
+      expect(Sentry.captureException).not.toHaveBeenCalled();
+    });
+
+    test("ValidationError returns its message and is not sent to Sentry", async () => {
+      const result = await executeThrowingAction(new ValidationError("Invalid data"));
+      expect(result?.serverError).toBe("Invalid data");
+      expect(Sentry.captureException).not.toHaveBeenCalled();
+    });
+
+    test("OperationNotAllowedError returns its message and is not sent to Sentry", async () => {
+      const result = await executeThrowingAction(new OperationNotAllowedError("Not allowed"));
+      expect(result?.serverError).toBe("Not allowed");
+      expect(Sentry.captureException).not.toHaveBeenCalled();
+    });
+  });
+
+  describe("unexpected errors SHOULD be reported to Sentry", () => {
+    test("generic Error is sent to Sentry and returns default message", async () => {
+      const error = new Error("Something broke");
+      const result = await executeThrowingAction(error);
+      expect(result?.serverError).toBe(DEFAULT_SERVER_ERROR_MESSAGE);
+      expect(Sentry.captureException).toHaveBeenCalledWith(
+        error,
+        expect.objectContaining({ extra: expect.any(Object) })
+      );
+    });
+
+    test("TypeError is sent to Sentry and returns default message", async () => {
+      const error = new TypeError("Cannot read properties of undefined");
+      const result = await executeThrowingAction(error);
+      expect(result?.serverError).toBe(DEFAULT_SERVER_ERROR_MESSAGE);
+      expect(Sentry.captureException).toHaveBeenCalledWith(
+        error,
+        expect.objectContaining({ extra: expect.any(Object) })
+      );
+    });
+
+    test("UnknownError is sent to Sentry (not an expected business-logic error)", async () => {
+      const error = new UnknownError("Unknown error");
+      const result = await executeThrowingAction(error);
+      expect(result?.serverError).toBe(DEFAULT_SERVER_ERROR_MESSAGE);
+      expect(Sentry.captureException).toHaveBeenCalledWith(
+        error,
+        expect.objectContaining({ extra: expect.any(Object) })
+      );
+    });
+  });
+});
+
+describe("authenticatedActionClient", () => {
+  let authenticatedActionClient: (typeof import("./index"))["authenticatedActionClient"];
+  let getUser: (typeof import("@/lib/user/service"))["getUser"];
+
+  beforeEach(async () => {
+    vi.clearAllMocks();
+    const mod = await import("./index");
+    authenticatedActionClient = mod.authenticatedActionClient;
+    const userService = await import("@/lib/user/service");
+    getUser = userService.getUser;
+  });
+
+  afterEach(() => {
+    vi.clearAllMocks();
+  });
+
+  test("throws AuthenticationError when there is no session", async () => {
+    vi.mocked(getServerSession).mockResolvedValue(null);
+
+    const action = authenticatedActionClient.action(async () => "ok");
+    const result = await action();
+
+    // handleServerError catches AuthenticationError and returns its message
+    expect(result?.serverError).toBe("Not authenticated");
+    expect(Sentry.captureException).not.toHaveBeenCalled();
+  });
+
+  test("throws AuthorizationError when user is not found", async () => {
+    vi.mocked(getServerSession).mockResolvedValue({ user: { id: "user-1" } });
+    vi.mocked(getUser).mockResolvedValue(null as any);
+
+    const action = authenticatedActionClient.action(async () => "ok");
+    const result = await action();
+
+    expect(result?.serverError).toBe("User not found");
+    expect(Sentry.captureException).not.toHaveBeenCalled();
+  });
+
+  test("executes action successfully when session and user exist", async () => {
+    vi.mocked(getServerSession).mockResolvedValue({ user: { id: "user-1" } });
+    vi.mocked(getUser).mockResolvedValue({ id: "user-1", name: "Test" } as any);
+
+    const action = authenticatedActionClient.action(async () => "success");
+    const result = await action();
+
+    expect(result?.data).toBe("success");
+    expect(result?.serverError).toBeUndefined();
+    expect(Sentry.captureException).not.toHaveBeenCalled();
+  });
+});

apps/web/lib/utils/action-client/index.ts

@@ -3,15 +3,7 @@ import { getServerSession } from "next-auth";
 import { DEFAULT_SERVER_ERROR_MESSAGE, createSafeActionClient } from "next-safe-action";
 import { v4 as uuidv4 } from "uuid";
 import { logger } from "@formbricks/logger";
-import {
-  AuthenticationError,
-  AuthorizationError,
-  InvalidInputError,
-  OperationNotAllowedError,
-  ResourceNotFoundError,
-  TooManyRequestsError,
-  UnknownError,
-} from "@formbricks/types/errors";
+import { AuthenticationError, AuthorizationError, isExpectedError } from "@formbricks/types/errors";
 import { AUDIT_LOG_ENABLED, AUDIT_LOG_GET_USER_IP } from "@/lib/constants";
 import { getUser } from "@/lib/user/service";
 import { getClientIpFromHeaders } from "@/lib/utils/client-ip";
@@ -22,24 +14,18 @@ import { ActionClientCtx } from "./types/context";
 export const actionClient = createSafeActionClient({
   handleServerError(e, utils) {
     const eventId = (utils.ctx as Record<string, any>)?.auditLoggingCtx?.eventId ?? undefined; // keep explicit fallback
+
+    if (isExpectedError(e)) {
+      return e.message;
+    }
+
+    // Only capture unexpected errors to Sentry
     Sentry.captureException(e, {
       extra: {
         eventId,
       },
     });
 
-    if (
-      e instanceof ResourceNotFoundError ||
-      e instanceof AuthorizationError ||
-      e instanceof InvalidInputError ||
-      e instanceof UnknownError ||
-      e instanceof AuthenticationError ||
-      e instanceof OperationNotAllowedError ||
-      e instanceof TooManyRequestsError
-    ) {
-      return e.message;
-    }
-
     // eslint-disable-next-line no-console -- This error needs to be logged for debugging server-side errors
     logger.withContext({ eventId }).error(e, "SERVER ERROR");
     return DEFAULT_SERVER_ERROR_MESSAGE;

apps/web/modules/environments/lib/utils.test.ts

@@ -177,9 +177,9 @@ describe("utils.ts", () => {
       await expect(getEnvironmentAuth("env123")).rejects.toThrow("common.organization_not_found");
     });
 
-    test("throws error if membership not found", async () => {
+    test("throws AuthorizationError if membership not found", async () => {
       vi.mocked(getMembershipByUserIdOrganizationId).mockResolvedValueOnce(null);
-      await expect(getEnvironmentAuth("env123")).rejects.toThrow("common.membership_not_found");
+      await expect(getEnvironmentAuth("env123")).rejects.toThrow(AuthorizationError);
     });
   });
 
@@ -481,7 +481,7 @@ describe("utils.ts", () => {
       await expect(getEnvironmentLayoutData("env123", "user123")).rejects.toThrow(AuthorizationError);
     });
 
-    test("throws error if membership not found", async () => {
+    test("throws AuthorizationError if membership not found", async () => {
       vi.mocked(prisma.environment.findUnique).mockResolvedValueOnce({
         id: "env123",
         createdAt: new Date(),
@@ -519,9 +519,7 @@ describe("utils.ts", () => {
         },
       } as any);
 
-      await expect(getEnvironmentLayoutData("env123", "user123")).rejects.toThrow(
-        "common.membership_not_found"
-      );
+      await expect(getEnvironmentLayoutData("env123", "user123")).rejects.toThrow(AuthorizationError);
     });
 
     test("fetches user before auth check, then environment data after authorization", async () => {

apps/web/modules/environments/lib/utils.ts

@@ -61,7 +61,7 @@ export const getEnvironmentAuth = reactCache(async (environmentId: string): Prom
 
   const currentUserMembership = await getMembershipByUserIdOrganizationId(session?.user.id, organization.id);
   if (!currentUserMembership) {
-    throw new Error(t("common.membership_not_found"));
+    throw new AuthorizationError(t("common.membership_not_found"));
   }
 
   const { isMember, isOwner, isManager, isBilling } = getAccessFlags(currentUserMembership?.role);
@@ -293,7 +293,7 @@ export const getEnvironmentLayoutData = reactCache(
 
     // Validate user's membership was found
     if (!membership) {
-      throw new Error(t("common.membership_not_found"));
+      throw new AuthorizationError(t("common.membership_not_found"));
     }
 
     // Fetch remaining data in parallel

packages/types/errors.ts

@@ -128,6 +128,26 @@ export {
 };
 export type { NetworkError, ForbiddenError };
 
+/**
+ * Error names that represent expected business-logic failures.
+ * These are handled gracefully in the UI and should NOT be reported to Sentry.
+ */
+export const EXPECTED_ERROR_NAMES = new Set([
+  "ResourceNotFoundError",
+  "AuthorizationError",
+  "InvalidInputError",
+  "ValidationError",
+  "AuthenticationError",
+  "OperationNotAllowedError",
+  "TooManyRequestsError",
+]);
+
+/**
+ * Check whether an error is an expected business-logic failure.
+ * Works with both error instances and serialised errors (where only `name` survives).
+ */
+export const isExpectedError = (error: Error): boolean => EXPECTED_ERROR_NAMES.has(error.name);
+
 export interface ApiErrorResponse {
   code:
     | "not_found"