From 5dc03132ee41f4d8405974afbde10b3e33976888 Mon Sep 17 00:00:00 2001
From: aeneasr <3372410+aeneasr@users.noreply.github.com>
Date: Thu, 24 Feb 2022 17:27:29 +0100
Subject: [PATCH] fix: return 400 instead of 404 on admin recovery

Closes #1664
---
 selfservice/strategy/link/strategy_recovery.go | 8 ++++++--
 selfservice/strategy/link/strategy_recovery_test.go | 2 +-
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/selfservice/strategy/link/strategy_recovery.go b/selfservice/strategy/link/strategy_recovery.go
index 6bc97c988709..33ba3cd81887 100644
--- a/selfservice/strategy/link/strategy_recovery.go
+++ b/selfservice/strategy/link/strategy_recovery.go
@@ -121,8 +121,8 @@ type selfServiceRecoveryLink struct {
 //
 // Responses:
 // 200: selfServiceRecoveryLink
-// 404: jsonError
 // 400: jsonError
+// 404: jsonError
 // 500: jsonError
 func (s *Strategy) createRecoveryLink(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
 var p adminCreateSelfServiceRecoveryLinkBody
@@ -159,10 +159,14 @@ func (s *Strategy) createRecoveryLink(w http.ResponseWriter, r *http.Request, _
 }
 
 id, err := s.d.IdentityPool().GetIdentity(r.Context(), p.IdentityID)
-if err != nil {
+if errors.Is(err, herodot.ErrNotFound) {
+s.d.Writer().WriteError(w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf("The requested identity id does not exist.").WithWrap(err)))
+return
+} else if err != nil {
 s.d.Writer().WriteError(w, r, err)
 return
 }
+
 token := NewRecoveryToken(id.ID, expiresIn)
 if err := s.d.RecoveryTokenPersister().CreateRecoveryToken(r.Context(), token); err != nil {
 s.d.Writer().WriteError(w, r, err)
diff --git a/selfservice/strategy/link/strategy_recovery_test.go b/selfservice/strategy/link/strategy_recovery_test.go
index c3b1935e2c1c..8cb194afd986 100644
--- a/selfservice/strategy/link/strategy_recovery_test.go
+++ b/selfservice/strategy/link/strategy_recovery_test.go
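Review bot: In createRecoveryLink (strategy_recovery.go, second hunk) the not-found branch ends in `return`, so the `} else if err != nil {` after it is an else following a terminating if; closing the block with `}` and starting a plain `if err != nil {` keeps the happy path left-aligned. The 400 reason `The requested identity id does not exist.` confirms to the caller whether an identity ID is present, which is acceptable only while this handler is reachable solely through the admin API; a comment above the branch such as `// Admin-only: the reason confirms whether the identity exists; do not reuse on public routes.` would record that assumption. The Responses list in the first hunk still advertises `404: jsonError`; the rest of the handler lies outside both hunks, so whether any remaining path still produces a 404 cannot be confirmed from here.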
@@ -93,7 +93,7 @@ func TestAdminStrategy(t *testing.T) {
 IdentityId: x.NewUUID().String(),
 }).Execute()
 require.IsType(t, err, new(kratos.GenericOpenAPIError), "%T", err)
-assert.EqualError(t, err.(*kratos.GenericOpenAPIError), "404 Not Found")
+assert.EqualError(t, err.(*kratos.GenericOpenAPIError), "400 Bad Request")
 })
 
 t.Run("description=should create a valid recovery link without email", func(t *testing.T) {
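Review bot: The updated assertion `assert.EqualError(t, err.(*kratos.GenericOpenAPIError), "400 Bad Request")` checks only the status line, so any other 400 raised by the handler (its Responses list already carried `400: jsonError` before this change) would satisfy it as well. Also asserting on the response body, for example `assert.Contains(t, string(err.(*kratos.GenericOpenAPIError).Body()), "does not exist")`, would pin the test to the unknown-identity branch. TestAdminStrategy begins and continues outside this hunk.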