supertokens · rishabhpoddar · Dec 6, 2023 · Dec 4, 2023 · Dec 4, 2023 · Dec 5, 2023
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,10 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres
 to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [7.0.16] - 2023-12-04
+
+- Returns 400, instead of 500, for badly typed core config while creating CUD, App or Tenant
+
 ## [7.0.15] - 2023-11-28
 
 - Adds test for user pagination from old version

diff --git a/build.gradle b/build.gradle
@@ -19,7 +19,7 @@ compileTestJava { options.encoding = "UTF-8" }
 //    }
 //}
 
-version = "7.0.15"
+version = "7.0.16"
 
 
 repositories {

diff --git a/src/main/java/io/supertokens/webserver/api/multitenancy/BaseCreateOrUpdate.java b/src/main/java/io/supertokens/webserver/api/multitenancy/BaseCreateOrUpdate.java
@@ -16,6 +16,7 @@
 
 package io.supertokens.webserver.api.multitenancy;
 
+import com.fasterxml.jackson.databind.exc.InvalidFormatException;
 import com.google.gson.JsonElement;
 import com.google.gson.JsonObject;
 import io.supertokens.Main;
@@ -138,6 +139,8 @@ protected void handle(HttpServletRequest req, TenantIdentifier sourceTenantIdent
             throw new ServletException(new BadRequestException("Invalid core config: " + e.getMessage()));
         } catch (InvalidProviderConfigException e) {
             throw new ServletException(new BadRequestException("Invalid third party config: " + e.getMessage()));
+        } catch (InvalidFormatException e) {
+            throw new ServletException(new BadRequestException("Cannot deserialize value `" + e.getValue() + "` for property `" + e.getPath().get(0).getFieldName() + "`"));
         }
     }
 

diff --git a/src/test/java/io/supertokens/test/multitenant/api/TestApp.java b/src/test/java/io/supertokens/test/multitenant/api/TestApp.java
@@ -507,4 +507,26 @@ public void testDefaultRecipesEnabledWhileCreatingApp() throws Exception {
         assertTrue(tenant.get("thirdParty").getAsJsonObject().get("enabled").getAsBoolean());
         assertTrue(tenant.get("passwordless").getAsJsonObject().get("enabled").getAsBoolean());
     }
+
+    @Test
+    public void testInvalidTypedValueInCoreConfigWhileCreatingApp() throws Exception {
+        if (StorageLayer.getStorage(process.getProcess()).getType() != STORAGE_TYPE.SQL) {
+            return;
+        }
+
+        JsonObject config = new JsonObject();
+        config.addProperty("access_token_validity", "abcd");
+        StorageLayer.getBaseStorage(process.getProcess()).modifyConfigToAddANewUserPoolForTesting(config, 1);
+
+        try {
+            JsonObject response = TestMultitenancyAPIHelper.createApp(
+                    process.getProcess(),
+                    new TenantIdentifier(null, null, null),
+                    "a1", null, null, null,
+                    config);
+        } catch (HttpResponseException e) {
+            assertEquals(400, e.statusCode);
+            assertTrue(e.getMessage().contains("Cannot deserialize value `abcd` for property `access_token_validity`"));
+        }
+    }
 }