Home Explore Help
Sign In
SMusatov
/
zammad
mirror of https://github.com/zammad/zammad.git
1
0
Fork 0
Files
Tree: 0d519f4847
Branches Tags
zammad
/
spec
/
requests
/
error_spec.rb

error_spec.rb 8.2 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206 
  1. # Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/
    2. 

  2. 

  3. require 'rails_helper'
    4. 

  4. 

  5. RSpec.describe 'Error handling', type: :request do
    6. 

  6. 

  7.   shared_examples 'JSON response format' do
    8. 

  8. 

  9.     let(:as) { :json }
    10. 

  10. 

  11.     it { expect(response).to have_http_status(http_status) }
    12. 

  12.     it { expect(json_response).to be_a(Hash) }
    13. 

  13. 

  14.     it do
    15. 

  15.       # There is a special case where we mask technical errors and return
    16. 

  16.       # a random error code that can be easily found in the logs by an
    17. 

  17.       # administrator. However, this makes it hard to check for the exact error
    18. 

  18.       # message. Therefore we only check for the substring in this particular case
    19. 

  19.       if message == 'Please contact your administrator' || message == 'Mysql2::Error' || message == 'PG::ForeignKeyViolation'
    20. 

  20.         expect(json_response['error']).to include(message)
    21. 

  21.       else
    22. 

  22.         expect(json_response['error']).to eq(message)
    23. 

  23.       end
    24. 

  24.     end
    25. 

  25.   end
    26. 

  26. 

  27.   shared_examples 'HTML response format' do
    28. 

  28.     let(:as) { :html }
    29. 

  29. 

  30.     it { expect(response).to have_http_status(http_status) }
    31. 

  31.     it { expect(response.content_type).to start_with('text/html') }
    32. 

  32.     it { expect(response.body).to include('<html') }
    33. 

  33.     it { expect(response.body).to include("<title>#{title}</title>") }
    34. 

  34.     it { expect(response.body).to match("<h1[^>]*>#{headline}</h1>") }
    35. 

  35.     it { expect(response.body).to include(message) }
    36. 

  36.   end
    37. 

  37. 

  38.   context 'URL route does not exist' do
    39. 

  39. 

  40.     before do
    41. 

  41.       get url, as: as
    42. 

  42.     end
    43. 

  43. 

  44.     let(:url)         { '/not_existing_url' }
    45. 

  45.     let(:message)     { "No route matches [GET] #{url}" }
    46. 

  46.     let(:http_status) { :not_found }
    47. 

  47. 

  48.     context 'requesting JSON' do
    49. 

  49.       include_examples 'JSON response format'
    50. 

  50.     end
    51. 

  51. 

  52.     context 'requesting HTML' do
    53. 

  53.       let(:title) { '404: Not Found' }
    54. 

  54.       let(:headline) { '404: Requested resource was not found' }
    55. 

  55. 

  56.       include_examples 'HTML response format'
    57. 

  57. 

  58.       context 'when request ends with URL' do
    59. 

  59. 

  60.         let(:url) { "//////#{message}" }
    61. 

  61.         let(:message) { 'this__website__is__closed__visit__our__new__site:_someother.com' }
    62. 

  62. 

  63.         include_examples 'HTML response format'
    64. 

  64.       end
    65. 

  65.     end
    66. 

  66.   end
    67. 

  67. 

  68.   context 'request is not authenticated' do
    69. 

  69. 

  70.     before do
    71. 

  71.       stub_const('Auth::BRUTE_FORCE_SLEEP', 0)
    72. 

  72.       authenticated_as(create(:agent), password: 'wrongpw')
    73. 

  73.       get '/api/v1/organizations', as: as
    74. 

  74.     end
    75. 

  75. 

  76.     let(:message) { 'Invalid BasicAuth credentials' }
    77. 

  77.     let(:http_status) { :unauthorized }
    78. 

  78. 

  79.     context 'requesting JSON' do
    80. 

  80.       include_examples 'JSON response format'
    81. 

  81.     end
    82. 

  82. 

  83.     context 'requesting HTML' do
    84. 

  84.       let(:title) { '401: Unauthorized' }
    85. 

  85.       let(:headline) { '401: Unauthorized' }
    86. 

  86. 

  87.       include_examples 'HTML response format'
    88. 

  88.     end
    89. 

  89.   end
    90. 

  90. 

  91.   context 'request is forbidden' do
    92. 

  92. 

  93.     before do
    94. 

  94.       get '/api/v1/organizations', as: as
    95. 

  95.     end
    96. 

  96. 

  97.     let(:message) { 'Authentication required' }
    98. 

  98.     let(:http_status) { :forbidden }
    99. 

  99. 

  100.     context 'requesting JSON' do
    101. 

  101.       include_examples 'JSON response format'
    102. 

  102.     end
    103. 

  103. 

  104.     context 'requesting HTML' do
    105. 

  105.       let(:title) { '403: Forbidden' }
    106. 

  106.       let(:headline) { '403: Forbidden' }
    107. 

  107. 

  108.       include_examples 'HTML response format'
    109. 

  109.     end
    110. 

  110.   end
    111. 

  111. 

  112.   context 'exception is raised' do
    113. 

  113.     let(:origin) { 'tests' }
    114. 

  114. 

  115.     before do
    116. 

  116.       authenticated_as(create(user))
    117. 

  117.       get '/tests/raised_exception', params: { origin: origin, exception: exception.name, message: message }, as: as
    118. 

  118.     end
    119. 

  119. 

  120.     shared_examples 'exception check' do |message, exception, http_status, title, headline|
    121. 

  121. 

  122.       context "#{exception} is raised" do
    123. 

  123. 

  124.         let(:exception)   { exception }
    125. 

  125.         let(:http_status) { http_status }
    126. 

  126.         let(:message)     { message }
    127. 

  127. 

  128.         context 'requesting JSON' do
    129. 

  129.           include_examples 'JSON response format'
    130. 

  130.         end
    131. 

  131. 

  132.         context 'requesting HTML' do
    133. 

  133.           let(:title) { title }
    134. 

  134.           let(:headline) { headline }
    135. 

  135. 

  136.           include_examples 'HTML response format'
    137. 

  137.         end
    138. 

  138.       end
    139. 

  139.     end
    140. 

  140. 

  141.     shared_examples 'handles exception' do |exception, http_status, title, headline, message = 'some error message'|
    142. 

  142.       include_examples 'exception check', message, exception, http_status, title, headline
    143. 

  143.     end
    144. 

  144. 

  145.     shared_examples 'masks exception' do |exception, http_status, title, headline|
    146. 

  146.       include_examples 'exception check', 'Please contact your administrator', exception, http_status, title, headline
    147. 

  147.     end
    148. 

  148. 

  149.     context 'with agent user' do
    150. 

  150. 

  151.       let(:user) { :agent }
    152. 

  152. 

  153.       include_examples 'handles exception', Exceptions::NotAuthorized, :unauthorized, '401: Unauthorized', '401: Unauthorized'
    154. 

  154.       include_examples 'handles exception', Exceptions::Forbidden, :forbidden, '403: Forbidden', '403: Forbidden'
    155. 

  155.       include_examples 'handles exception', Pundit::NotAuthorizedError, :forbidden, '403: Forbidden', '403: Forbidden', 'Not authorized'
    156. 

  156.       include_examples 'handles exception', ActiveRecord::RecordNotFound, :not_found, '404: Not Found', '404: Requested resource was not found'
    157. 

  157.       include_examples 'handles exception', Exceptions::UnprocessableEntity, :unprocessable_entity, '422: Unprocessable Entity', '422: The change you wanted was rejected.'
    158. 

  158.       include_examples 'masks exception', ArgumentError, :unprocessable_entity, '422: Unprocessable Entity', '422: The change you wanted was rejected.'
    159. 

  159.       include_examples 'masks exception', StandardError, :internal_server_error, '500: An unknown error occurred', '500: An unknown error occurred.'
    160. 

  160.     end
    161. 

  161. 

  162.     context 'with admin user' do
    163. 

  163. 

  164.       let(:user) { :admin }
    165. 

  165. 

  166.       include_examples 'handles exception', Exceptions::NotAuthorized, :unauthorized, '401: Unauthorized', '401: Unauthorized'
    167. 

  167.       include_examples 'handles exception', Exceptions::Forbidden, :forbidden, '403: Forbidden', '403: Forbidden'
    168. 

  168.       include_examples 'handles exception', Pundit::NotAuthorizedError, :forbidden, '403: Forbidden', '403: Forbidden', 'Not authorized'
    169. 

  169.       include_examples 'handles exception', ActiveRecord::RecordNotFound, :not_found, '404: Not Found', '404: Requested resource was not found'
    170. 

  170.       include_examples 'handles exception', Exceptions::UnprocessableEntity, :unprocessable_entity, '422: Unprocessable Entity', '422: The change you wanted was rejected.'
    171. 

  171.       include_examples 'handles exception', ArgumentError, :unprocessable_entity, '422: Unprocessable Entity', '422: The change you wanted was rejected.'
    172. 

  172.       include_examples 'handles exception', StandardError, :internal_server_error, '500: An unknown error occurred', '500: An unknown error occurred.'
    173. 

  173.     end
    174. 

  174. 

  175.     context 'with mobile controller' do
    176. 

  176. 

  177.       let(:origin) { 'mobile' }
    178. 

  178. 

  179.       context 'with agent user' do
    180. 

  180. 

  181.         let(:user) { :agent }
    182. 

  182. 

  183.         include_examples 'handles exception', Exceptions::NotAuthorized, :unauthorized, '401: Unauthorized', '401'
    184. 

  184.         include_examples 'handles exception', Exceptions::Forbidden, :forbidden, '403: Forbidden', '403'
    185. 

  185.         include_examples 'handles exception', Pundit::NotAuthorizedError, :forbidden, '403: Forbidden', '403', 'Not authorized'
    186. 

  186.         include_examples 'handles exception', ActiveRecord::RecordNotFound, :not_found, '404: Not Found', '404'
    187. 

  187.         include_examples 'handles exception', Exceptions::UnprocessableEntity, :unprocessable_entity, '422: Unprocessable Entity', '422'
    188. 

  188.         include_examples 'masks exception', ArgumentError, :unprocessable_entity, '422: Unprocessable Entity', '422'
    189. 

  189.         include_examples 'masks exception', StandardError, :internal_server_error, '500: An unknown error occurred', '500'
    190. 

  190.       end
    191. 

  191. 

  192.       context 'with admin user' do
    193. 

  193. 

  194.         let(:user) { :admin }
    195. 

  195. 

  196.         include_examples 'handles exception', Exceptions::NotAuthorized, :unauthorized, '401: Unauthorized', '401'
    197. 

  197.         include_examples 'handles exception', Exceptions::Forbidden, :forbidden, '403: Forbidden', '403'
    198. 

  198.         include_examples 'handles exception', Pundit::NotAuthorizedError, :forbidden, '403: Forbidden', '403', 'Not authorized'
    199. 

  199.         include_examples 'handles exception', ActiveRecord::RecordNotFound, :not_found, '404: Not Found', '404'
    200. 

  200.         include_examples 'handles exception', Exceptions::UnprocessableEntity, :unprocessable_entity, '422: Unprocessable Entity', '422'
    201. 

  201.         include_examples 'handles exception', ArgumentError, :unprocessable_entity, '422: Unprocessable Entity', '422'
    202. 

  202.         include_examples 'handles exception', StandardError, :internal_server_error, '500: An unknown error occurred', '500'
    203. 

  203.       end
    204. 

  204.     end
    205. 

  205.   end
    206. 

  206. end
    207.