@directus/api 33.3.1 → 34.0.1

package/dist/deployment/deployment.d.ts

@@ -1,4 +1,4 @@
-import type { Credentials, Deployment, Details, Log, Options, Project, TriggerResult } from '@directus/types';
+import type { Credentials, Deployment, DeploymentWebhookEvent, Details, Log, Options, Project, Status, TriggerResult, WebhookRegistrationResult } from '@directus/types';
 import type { AxiosRequestConfig, AxiosResponse } from 'axios';
 export type DeploymentRequestOptions = Pick<AxiosRequestConfig<string>, 'method' | 'headers'> & {
     body?: string | null;
@@ -77,7 +77,7 @@ export declare abstract class DeploymentDriver<TCredentials extends Credentials
      * @throws {HitRateLimitError} When rate limit is exceeded
      * @throws {ServiceUnavailableError} When provider API fails
      */
-    abstract cancelDeployment(deploymentId: string): Promise<void>;
+    abstract cancelDeployment(deploymentId: string): Promise<Status>;
     /**
      * Get deployment build logs
      *
@@ -91,4 +91,27 @@ export declare abstract class DeploymentDriver<TCredentials extends Credentials
     abstract getDeploymentLogs(deploymentId: string, options?: {
         since?: Date;
     }): Promise<Log[]>;
+    /**
+     * Register a webhook with the provider
+     *
+     * @param webhookUrl The public URL that will receive webhook events
+     * @param projectIds External project IDs to scope the webhook
+     * @returns Webhook ID and secret for signature verification
+     */
+    abstract registerWebhook(webhookUrl: string, projectIds: string[]): Promise<WebhookRegistrationResult>;
+    /**
+     * Unregister webhooks from the provider
+     *
+     * @param webhookIds The webhook IDs returned from registerWebhook
+     */
+    abstract unregisterWebhook(webhookIds: string[]): Promise<void>;
+    /**
+     * Verify webhook signature and parse the event payload
+     *
+     * @param rawBody Raw request body buffer (before JSON parsing)
+     * @param headers Request headers
+     * @param webhookSecret Secret used for signature verification
+     * @returns Parsed event or null if signature is invalid
+     */
+    abstract verifyAndParseWebhook(rawBody: Buffer, headers: Record<string, string | string[] | undefined>, webhookSecret: string): DeploymentWebhookEvent | null;
 }

package/dist/deployment/drivers/netlify.d.ts

@@ -1,4 +1,4 @@
-import type { Credentials, Deployment, Details, Log, Options, Project, TriggerResult } from '@directus/types';
+import type { Credentials, Deployment, DeploymentWebhookEvent, Details, Log, Options, Project, Status, TriggerResult, WebhookRegistrationResult } from '@directus/types';
 import { DeploymentDriver } from '../deployment.js';
 export interface NetlifyCredentials extends Credentials {
     access_token: string;
@@ -22,11 +22,15 @@ export declare class NetlifyDriver extends DeploymentDriver<NetlifyCredentials,
         preview?: boolean;
         clearCache?: boolean;
     }): Promise<TriggerResult>;
-    cancelDeployment(deploymentId: string): Promise<void>;
+    cancelDeployment(deploymentId: string): Promise<Status>;
     private closeWsConnection;
     private setupWsIdleTimeout;
     private setupWsConnectionTimeout;
     private getWsConnection;
+    registerWebhook(webhookUrl: string, projectIds: string[]): Promise<WebhookRegistrationResult>;
+    private cleanupStaleHooks;
+    unregisterWebhook(webhookIds: string[]): Promise<void>;
+    verifyAndParseWebhook(rawBody: Buffer, headers: Record<string, string | string[] | undefined>, webhookSecret: string): DeploymentWebhookEvent | null;
     getDeploymentLogs(deploymentId: string, options?: {
         since?: Date;
     }): Promise<Log[]>;

package/dist/deployment/drivers/netlify.js

@@ -1,6 +1,8 @@
+import { randomBytes, timingSafeEqual } from 'node:crypto';
 import { InvalidCredentialsError, ServiceUnavailableError } from '@directus/errors';
 import { NetlifyAPI } from '@netlify/api';
 import { isNumber } from 'lodash-es';
+import { useLogger } from '../../logger/index.js';
 import { DeploymentDriver } from '../deployment.js';
 const WS_CONNECTIONS = new Map();
 const WS_IDLE_TIMEOUT = 60_000; // 60 seconds
@@ -8,6 +10,13 @@ const WS_CONNECTION_TIMEOUT = 10_000; // 10 seconds
 // eslint-disable-next-line no-control-regex
 const ANSI_REGEX = /[\x1b]\[[0-9;]*m/g;
 const WS_URL = 'wss://socketeer.services.netlify.com/build/logs';
+const NETLIFY_WEBHOOK_EVENTS = ['deploy_created', 'deploy_building', 'deploy_failed', 'deploy_succeeded'];
+// Map Netlify deploy state to our normalized types
+const STATE_TO_EVENT = {
+    building: { type: 'deployment.created', status: 'building' },
+    ready: { type: 'deployment.succeeded', status: 'ready' },
+    error: { type: 'deployment.error', status: 'error' },
+};
 export class NetlifyDriver extends DeploymentDriver {
     api;
     constructor(credentials, options = {}) {
@@ -63,16 +72,23 @@ export class NetlifyDriver extends DeploymentDriver {
         return result;
     }
     async listProjects() {
-        const params = { per_page: '100' };
-        const response = await this.handleApiError((api) => {
-            return this.options.account_slug
-                ? api.listSitesForAccount({
-                    account_slug: this.options.account_slug,
-                    ...params,
-                })
-                : api.listSites(params);
-        });
-        return response.map((site) => this.mapSiteBase(site));
+        const allSites = [];
+        const perPage = 100;
+        let hasMore = true;
+        for (let page = 1; hasMore; page++) {
+            const params = { per_page: String(perPage), page: String(page) };
+            const response = await this.handleApiError((api) => {
+                return this.options.account_slug
+                    ? api.listSitesForAccount({
+                        account_slug: this.options.account_slug,
+                        ...params,
+                    })
+                    : api.listSites(params);
+            });
+            allSites.push(...response);
+            hasMore = response.length >= perPage;
+        }
+        return allSites.map((site) => this.mapSiteBase(site));
     }
     async getProject(projectId) {
         const site = await this.handleApiError((api) => api.getSite({ siteId: projectId }));
@@ -149,12 +165,27 @@ export class NetlifyDriver extends DeploymentDriver {
         const triggerResult = {
             deployment_id: buildResponse.deploy_id,
             status: this.mapStatus(deployState.state),
+            created_at: new Date(deployState.created_at),
         };
         return triggerResult;
     }
     async cancelDeployment(deploymentId) {
-        await this.handleApiError((api) => api.cancelSiteDeploy({ deployId: deploymentId }));
-        this.closeWsConnection(deploymentId);
+        try {
+            await this.handleApiError((api) => api.cancelSiteDeploy({ deployId: deploymentId }));
+            this.closeWsConnection(deploymentId);
+            return 'canceled';
+        }
+        catch {
+            const details = await this.getDeployment(deploymentId);
+            if (details.status !== 'building') {
+                this.closeWsConnection(deploymentId);
+                return details.status;
+            }
+            throw new ServiceUnavailableError({
+                service: 'netlify',
+                reason: `Could not cancel the deployment: ${deploymentId}`,
+            });
+        }
     }
     closeWsConnection(deploymentId, remove = true) {
         const connection = WS_CONNECTIONS.get(deploymentId);
@@ -245,6 +276,77 @@ export class NetlifyDriver extends DeploymentDriver {
             });
         });
     }
+    async registerWebhook(webhookUrl, projectIds) {
+        const logger = useLogger();
+        const secret = randomBytes(32).toString('hex');
+        const hookIds = [];
+        // Netlify API doesn't support JWS signing for API-created hooks,
+        // so we inject a token for verification instead
+        const signedUrl = `${webhookUrl}?token=${secret}`;
+        for (const siteId of projectIds) {
+            await this.cleanupStaleHooks(siteId, webhookUrl);
+        }
+        for (const siteId of projectIds) {
+            for (const event of NETLIFY_WEBHOOK_EVENTS) {
+                const hook = await this.handleApiError((api) => api.createHookBySiteId({
+                    site_id: siteId,
+                    body: { type: 'url', event, data: { url: signedUrl } },
+                }));
+                logger.debug(`[webhook:netlify] Created hook ${hook.id} for event ${event}`);
+                hookIds.push(hook.id);
+            }
+        }
+        return { webhook_ids: hookIds, webhook_secret: secret };
+    }
+    async cleanupStaleHooks(siteId, webhookUrl) {
+        const logger = useLogger();
+        const hooks = await this.handleApiError((api) => api.listHooksBySiteId({ site_id: siteId }));
+        const staleHooks = hooks.filter((h) => h.data?.url?.startsWith(webhookUrl));
+        if (staleHooks.length > 0) {
+            logger.debug(`[webhook:netlify] Cleaning up ${staleHooks.length} stale hook(s) for site ${siteId}`);
+            await Promise.allSettled(staleHooks.map((h) => this.api.deleteHook({ hook_id: h.id })));
+        }
+    }
+    async unregisterWebhook(webhookIds) {
+        await Promise.allSettled(webhookIds.map((id) => this.api.deleteHook({ hook_id: id })));
+    }
+    verifyAndParseWebhook(rawBody, headers, webhookSecret) {
+        const logger = useLogger();
+        // URL token verification — Netlify API doesn't support JWS signing for API-created hooks,
+        // so we embed a secret token in the webhook URL and verify it here.
+        // The token is passed via the 'x-webhook-token'
+        const token = headers['x-webhook-token'];
+        if (!token || typeof token !== 'string') {
+            logger.warn(`[webhook:netlify] Missing webhook token`);
+            return null;
+        }
+        const tokenBuf = Buffer.from(token);
+        const secretBuf = Buffer.from(webhookSecret);
+        if (tokenBuf.length !== secretBuf.length || !timingSafeEqual(tokenBuf, secretBuf)) {
+            logger.warn(`[webhook:netlify] Token mismatch`);
+            return null;
+        }
+        // Parse deploy object from body
+        const deploy = JSON.parse(rawBody.toString('utf-8'));
+        const state = this.mapStatus(deploy.state);
+        const mapping = STATE_TO_EVENT[state];
+        if (!mapping) {
+            return null;
+        }
+        const url = deploy.ssl_url || deploy.deploy_ssl_url || deploy.url;
+        const timestamp = deploy.published_at || deploy.updated_at || deploy.created_at;
+        return {
+            type: mapping.type,
+            provider: 'netlify',
+            project_external_id: deploy.site_id,
+            deployment_external_id: deploy.id,
+            status: mapping.status,
+            ...(url ? { url } : {}),
+            ...(deploy.context ? { target: deploy.context } : {}),
+            timestamp: new Date(timestamp),
+            raw: deploy,
+        };
+    }
     async getDeploymentLogs(deploymentId, options) {
         const deploy = await this.handleApiError((api) => api.getDeploy({ deployId: deploymentId }));
         const connection = await this.getWsConnection(deploymentId);

package/dist/deployment/drivers/vercel.d.ts

@@ -1,4 +1,4 @@
-import type { Credentials, Deployment, Details, Log, Options, Project, TriggerResult } from '@directus/types';
+import type { Credentials, Deployment, DeploymentWebhookEvent, Details, Log, Options, Project, Status, TriggerResult, WebhookRegistrationResult } from '@directus/types';
 import { DeploymentDriver } from '../deployment.js';
 export interface VercelCredentials extends Credentials {
     access_token: string;
@@ -25,8 +25,11 @@ export declare class VercelDriver extends DeploymentDriver<VercelCredentials, Ve
         preview?: boolean;
         clearCache?: boolean;
     }): Promise<TriggerResult>;
-    cancelDeployment(deploymentId: string): Promise<void>;
+    cancelDeployment(deploymentId: string): Promise<Status>;
     getDeploymentLogs(deploymentId: string, options?: {
         since?: Date;
     }): Promise<Log[]>;
+    registerWebhook(webhookUrl: string, projectIds: string[]): Promise<WebhookRegistrationResult>;
+    unregisterWebhook(webhookIds: string[]): Promise<void>;
+    verifyAndParseWebhook(rawBody: Buffer, headers: Record<string, string | string[] | undefined>, webhookSecret: string): DeploymentWebhookEvent | null;
 }

package/dist/deployment/drivers/vercel.js

@@ -1,6 +1,13 @@
+import { createHmac, timingSafeEqual } from 'node:crypto';
 import { HitRateLimitError, InvalidCredentialsError, ServiceUnavailableError } from '@directus/errors';
 import pLimit from 'p-limit';
 import { DeploymentDriver } from '../deployment.js';
+const VERCEL_WEBHOOK_EVENTS = [
+    'deployment.created',
+    'deployment.succeeded',
+    'deployment.error',
+    'deployment.canceled',
+];
 export class VercelDriver extends DeploymentDriver {
     static API_URL = 'https://api.vercel.com';
     requestLimit = pLimit(5);
@@ -83,8 +90,14 @@ export class VercelDriver extends DeploymentDriver {
         return result;
     }
     async listProjects() {
-        const response = await this.request('/v9/projects');
-        return response.projects.map((project) => this.mapProjectBase(project));
+        const allProjects = [];
+        let until;
+        do {
+            const response = await this.request('/v9/projects', { params: { limit: '100', ...(until ? { until } : {}) } });
+            allProjects.push(...response.projects.map((project) => this.mapProjectBase(project)));
+            until = response.pagination?.next ? String(response.pagination.next) : undefined;
+        } while (until);
+        return allProjects;
     }
     async getProject(projectId) {
         const project = await this.request(`/v9/projects/${projectId}`);
@@ -171,6 +184,7 @@ export class VercelDriver extends DeploymentDriver {
         const triggerResult = {
             deployment_id: response.id,
             status: this.mapStatus(response.status),
+            created_at: new Date(response.createdAt),
         };
         if (response.url) {
             triggerResult.url = `https://${response.url}`;
@@ -178,9 +192,22 @@ export class VercelDriver extends DeploymentDriver {
         return triggerResult;
     }
     async cancelDeployment(deploymentId) {
-        await this.request(`/v12/deployments/${encodeURIComponent(deploymentId)}/cancel`, {
-            method: 'PATCH',
-        });
+        try {
+            await this.request(`/v12/deployments/${encodeURIComponent(deploymentId)}/cancel`, {
+                method: 'PATCH',
+            });
+            return 'canceled';
+        }
+        catch {
+            const details = await this.getDeployment(deploymentId);
+            if (details.status !== 'building') {
+                return details.status;
+            }
+            throw new ServiceUnavailableError({
+                service: 'vercel',
+                reason: `Could not cancel the deployment: ${deploymentId}`,
+            });
+        }
     }
     async getDeploymentLogs(deploymentId, options) {
         let url = `/v3/deployments/${encodeURIComponent(deploymentId)}/events`;
@@ -205,4 +232,56 @@ export class VercelDriver extends DeploymentDriver {
             message: event.text || event.payload?.text || '',
         }));
     }
+    async registerWebhook(webhookUrl, projectIds) {
+        const response = await this.request('/v1/webhooks', {
+            method: 'POST',
+            body: JSON.stringify({
+                url: webhookUrl,
+                events: VERCEL_WEBHOOK_EVENTS,
+                projectIds,
+            }),
+        });
+        return {
+            webhook_ids: [response.id],
+            webhook_secret: response.secret,
+        };
+    }
+    async unregisterWebhook(webhookIds) {
+        for (const id of webhookIds) {
+            await this.request(`/v1/webhooks/${encodeURIComponent(id)}`, {
+                method: 'DELETE',
+            });
+        }
+    }
+    verifyAndParseWebhook(rawBody, headers, webhookSecret) {
+        const signature = headers['x-vercel-signature'];
+        if (!signature || typeof signature !== 'string') {
+            return null;
+        }
+        const expected = createHmac('sha1', webhookSecret).update(rawBody).digest('hex');
+        if (signature.length !== expected.length || !timingSafeEqual(Buffer.from(signature), Buffer.from(expected))) {
+            return null;
+        }
+        const body = JSON.parse(rawBody.toString('utf-8'));
+        if (!VERCEL_WEBHOOK_EVENTS.includes(body.type)) {
+            return null;
+        }
+        const eventTypeToStatus = {
+            'deployment.created': 'building',
+            'deployment.succeeded': 'ready',
+            'deployment.error': 'error',
+            'deployment.canceled': 'canceled',
+        };
+        return {
+            type: body.type,
+            provider: 'vercel',
+            project_external_id: body.payload.project.id,
+            deployment_external_id: body.payload.deployment.id,
+            status: eventTypeToStatus[body.type] ?? 'building',
+            ...(body.payload.deployment.url ? { url: `https://${body.payload.deployment.url}` } : {}),
+            ...(body.payload.target ? { target: body.payload.target } : {}),
+            timestamp: new Date(body.createdAt),
+            raw: body,
+        };
+    }
 }

package/dist/deployment.d.ts

@@ -22,3 +22,8 @@ export declare function isValidProviderType(provider: string): provider is Provi
  * Get list of supported provider types
  */
 export declare function getSupportedProviderTypes(): ProviderType[];
+/**
+ * Sync webhooks for existing deployment configs that don't have one yet.
+ * Called at startup to handle configs created before webhook support was added.
+ */
+export declare function ensureDeploymentWebhooks(): Promise<void>;

package/dist/deployment.js

@@ -1,4 +1,8 @@
+import getDatabase from './database/index.js';
 import { NetlifyDriver, VercelDriver } from './deployment/drivers/index.js';
+import { useLogger } from './logger/index.js';
+import { DeploymentService } from './services/deployment.js';
+import { getSchema } from './utils/get-schema.js';
 /**
  * Registry of deployment driver constructors
  */
@@ -38,3 +42,33 @@ export function isValidProviderType(provider) {
 export function getSupportedProviderTypes() {
     return Array.from(drivers.keys());
 }
+/**
+ * Sync webhooks for existing deployment configs that don't have one yet.
+ * Called at startup to handle configs created before webhook support was added.
+ */
+export async function ensureDeploymentWebhooks() {
+    const logger = useLogger();
+    const knex = getDatabase();
+    const schema = await getSchema();
+    const service = new DeploymentService({
+        knex,
+        schema,
+        accountability: null,
+    });
+    const configs = await service.readByQuery({
+        limit: -1,
+    });
+    if (!configs || configs.length === 0) {
+        logger.debug('[webhook] No deployment configs found');
+        return;
+    }
+    logger.debug(`[webhook] Syncing webhooks for ${configs.length} config(s)...`);
+    for (const config of configs) {
+        try {
+            await service.syncWebhook(config.provider);
+        }
+        catch (err) {
+            logger.error(`[webhook] Failed to sync webhook for ${config.provider}: ${err}`);
+        }
+    }
+}

package/dist/permissions/modules/validate-access/lib/validate-item-access.js

@@ -15,7 +15,7 @@ export async function validateItemAccess(options, context) {
     const hasPrimaryKeys = options.primaryKeys && options.primaryKeys.length > 0;
     // For non-singletons, we must have PKs to validate against
     if (!isSingleton && !hasPrimaryKeys) {
-        throw new Error(`Primary keys are required for non-singleton collection "${options.collection}"`);
+        return { accessAllowed: false };
     }
     // When we're looking up access to specific items, we have to read them from the database to
     // make sure you are allowed to access them.

package/dist/permissions/utils/get-unaliased-field-key.js

@@ -1,3 +1,4 @@
+import { parseJsonFunction } from '../../database/helpers/fn/json/parse-function.js';
 import { parseFilterKey } from '../../utils/parse-filter-key.js';
 /**
  * Derive the unaliased field key from the given AST node.
@@ -10,8 +11,15 @@ export function getUnaliasedFieldKey(node) {
         case 'm2o':
             return node.relation.field;
         case 'field':
-        case 'functionField':
             // The field name might still include a function, so process that here as well
             return parseFilterKey(node.name).fieldName;
+        case 'functionField':
+            if (node.name.startsWith('json')) {
+                return parseJsonFunction(node.name).field;
+            }
+            else {
+                // The field name might still include a function, so process that here as well
+                return parseFilterKey(node.name).fieldName;
+            }
     }
 }

package/dist/request/is-denied-ip.js

@@ -1,7 +1,5 @@
-import os from 'node:os';
 import { useEnv } from '@directus/env';
-import { ipInNetworks } from '@directus/utils/node';
-import { matches } from 'ip-matching';
+import { IpBlocklist } from '@directus/utils/node';
 import { useLogger } from '../logger/index.js';
 export function isDeniedIp(ip) {
     const env = useEnv();
@@ -9,31 +7,34 @@ export function isDeniedIp(ip) {
     const ipDenyList = env['IMPORT_IP_DENY_LIST'];
     if (ipDenyList.length === 0)
         return false;
+    const blockList = new IpBlocklist();
+    let blockNetworkInterfaces = false;
     try {
-        const denied = ipInNetworks(ip, ipDenyList);
-        if (denied)
-            return true;
+        for (const blockNetworkRaw of ipDenyList) {
+            const blockNetwork = blockNetworkRaw.trim();
+            if (blockNetwork === '0.0.0.0') {
+                blockNetworkInterfaces = true;
+                continue;
+            }
+            if (blockNetwork.includes('-')) {
+                blockList.parseRange(blockNetwork);
+                continue;
+            }
+            if (blockNetwork.includes('/')) {
+                blockList.parseSubnet(blockNetwork);
+                continue;
+            }
+            blockList.parseAddress(blockNetwork);
+        }
+        if (blockNetworkInterfaces) {
+            blockList.addLocalNetworkInterfaces();
+        }
     }
     catch (error) {
+        // error adding blocked ranges to the blocklist
         logger.warn(`Cannot verify IP address due to invalid "IMPORT_IP_DENY_LIST" config`);
         logger.warn(error);
         return true;
     }
-    if (ipDenyList.includes('0.0.0.0')) {
-        const networkInterfaces = os.networkInterfaces();
-        for (const networkInfo of Object.values(networkInterfaces)) {
-            if (!networkInfo)
-                continue;
-            for (const info of networkInfo) {
-                if (info.internal && info.cidr) {
-                    if (matches(ip, info.cidr))
-                        return true;
-                }
-                else if (info.address === ip) {
-                    return true;
-                }
-            }
-        }
-    }
-    return false;
+    return blockList.checkAddress(ip);
 }

package/dist/services/authentication.js

@@ -42,11 +42,25 @@ export class AuthenticationService {
         const STALL_TIME = env['LOGIN_STALL_TIME'];
         const timeStart = performance.now();
         const provider = getAuthProvider(providerName);
+        const emitStatus = (status, loginPayload, loginUser, error) => {
+            emitter.emitAction('auth.login', {
+                payload: loginPayload,
+                status,
+                user: loginUser?.id,
+                provider: providerName,
+                error,
+            }, {
+                database: this.knex,
+                schema: this.schema,
+                accountability: this.accountability,
+            });
+        };
         let userId;
         try {
             userId = await provider.getUserID(cloneDeep(payload));
         }
         catch (err) {
+            emitStatus('fail', payload, undefined, err);
             await stall(STALL_TIME, timeStart);
             throw err;
         }
@@ -64,22 +78,11 @@ export class AuthenticationService {
             schema: this.schema,
             accountability: this.accountability,
         });
-        const emitStatus = (status) => {
-            emitter.emitAction('auth.login', {
-                payload: updatedPayload,
-                status,
-                user: user?.id,
-                provider: providerName,
-            }, {
-                database: this.knex,
-                schema: this.schema,
-                accountability: this.accountability,
-            });
-        };
         if (user?.status !== 'active' || user?.provider !== providerName) {
-            emitStatus('fail');
+            const loginError = new InvalidCredentialsError();
+            emitStatus('fail', updatedPayload, user, loginError);
             await stall(STALL_TIME, timeStart);
-            throw new InvalidCredentialsError();
+            throw loginError;
         }
         const settingsService = new SettingsService({
             knex: this.knex,
@@ -130,23 +133,25 @@ export class AuthenticationService {
         try {
             await provider.login(clone(user), cloneDeep(updatedPayload));
         }
-        catch (e) {
-            emitStatus('fail');
+        catch (err) {
+            emitStatus('fail', updatedPayload, user, err);
             await stall(STALL_TIME, timeStart);
-            throw e;
+            throw err;
         }
         if (user.tfa_secret && !options?.otp) {
-            emitStatus('fail');
+            const loginError = new InvalidOtpError();
+            emitStatus('fail', updatedPayload, user, loginError);
             await stall(STALL_TIME, timeStart);
-            throw new InvalidOtpError();
+            throw loginError;
         }
         if (user.tfa_secret && options?.otp) {
             const tfaService = new TFAService({ knex: this.knex, schema: this.schema });
             const otpValid = await tfaService.verifyOTP(user.id, options?.otp);
             if (otpValid === false) {
-                emitStatus('fail');
+                const loginError = new InvalidOtpError();
+                emitStatus('fail', updatedPayload, user, loginError);
                 await stall(STALL_TIME, timeStart);
-                throw new InvalidOtpError();
+                throw loginError;
             }
         }
         const roles = await fetchRolesTree(user.role, { knex: this.knex });
@@ -214,7 +219,7 @@ export class AuthenticationService {
             });
         }
         await this.knex('directus_users').update({ last_access: new Date() }).where({ id: user.id });
-        emitStatus('success');
+        emitStatus('success', updatedPayload, user);
         if (allowedAttempts !== null) {
             await loginAttemptsLimiter.set(user.id, 0, 0);
         }

package/dist/services/collections.js

@@ -52,6 +52,7 @@ export class CollectionsService {
         if (payload.collection.startsWith('directus_')) {
             throw new InvalidPayloadError({ reason: `Collections can't start with "directus_"` });
         }
+        payload.collection = await this.helpers.schema.parseCollectionName(payload.collection);
         const nestedActionEvents = [];
         try {
             const existingCollections = [