error_spec.rb 8.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206
  1. # Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/
  2. require 'rails_helper'
  3. RSpec.describe 'Error handling', type: :request do
  4. shared_examples 'JSON response format' do
  5. let(:as) { :json }
  6. it { expect(response).to have_http_status(http_status) }
  7. it { expect(json_response).to be_a(Hash) }
  8. it do
  9. # There is a special case where we mask technical errors and return
  10. # a random error code that can be easily found in the logs by an
  11. # administrator. However, this makes it hard to check for the exact error
  12. # message. Therefore we only check for the substring in this particular case
  13. if message == 'Please contact your administrator' || message == 'Mysql2::Error' || message == 'PG::ForeignKeyViolation'
  14. expect(json_response['error']).to include(message)
  15. else
  16. expect(json_response['error']).to eq(message)
  17. end
  18. end
  19. end
  20. shared_examples 'HTML response format' do
  21. let(:as) { :html }
  22. it { expect(response).to have_http_status(http_status) }
  23. it { expect(response.content_type).to start_with('text/html') }
  24. it { expect(response.body).to include('<html') }
  25. it { expect(response.body).to include("<title>#{title}</title>") }
  26. it { expect(response.body).to match("<h1[^>]*>#{headline}</h1>") }
  27. it { expect(response.body).to include(message) }
  28. end
  29. context 'URL route does not exist' do
  30. before do
  31. get url, as: as
  32. end
  33. let(:url) { '/not_existing_url' }
  34. let(:message) { "No route matches [GET] #{url}" }
  35. let(:http_status) { :not_found }
  36. context 'requesting JSON' do
  37. include_examples 'JSON response format'
  38. end
  39. context 'requesting HTML' do
  40. let(:title) { '404: Not Found' }
  41. let(:headline) { '404: Requested resource was not found' }
  42. include_examples 'HTML response format'
  43. context 'when request ends with URL' do
  44. let(:url) { "//////#{message}" }
  45. let(:message) { 'this__website__is__closed__visit__our__new__site:_someother.com' }
  46. include_examples 'HTML response format'
  47. end
  48. end
  49. end
  50. context 'request is not authenticated' do
  51. before do
  52. stub_const('Auth::BRUTE_FORCE_SLEEP', 0)
  53. authenticated_as(create(:agent), password: 'wrongpw')
  54. get '/api/v1/organizations', as: as
  55. end
  56. let(:message) { 'Invalid BasicAuth credentials' }
  57. let(:http_status) { :unauthorized }
  58. context 'requesting JSON' do
  59. include_examples 'JSON response format'
  60. end
  61. context 'requesting HTML' do
  62. let(:title) { '401: Unauthorized' }
  63. let(:headline) { '401: Unauthorized' }
  64. include_examples 'HTML response format'
  65. end
  66. end
  67. context 'request is forbidden' do
  68. before do
  69. get '/api/v1/organizations', as: as
  70. end
  71. let(:message) { 'Authentication required' }
  72. let(:http_status) { :forbidden }
  73. context 'requesting JSON' do
  74. include_examples 'JSON response format'
  75. end
  76. context 'requesting HTML' do
  77. let(:title) { '403: Forbidden' }
  78. let(:headline) { '403: Forbidden' }
  79. include_examples 'HTML response format'
  80. end
  81. end
  82. context 'exception is raised' do
  83. let(:origin) { 'tests' }
  84. before do
  85. authenticated_as(create(user))
  86. get '/tests/raised_exception', params: { origin: origin, exception: exception.name, message: message }, as: as
  87. end
  88. shared_examples 'exception check' do |message, exception, http_status, title, headline|
  89. context "#{exception} is raised" do
  90. let(:exception) { exception }
  91. let(:http_status) { http_status }
  92. let(:message) { message }
  93. context 'requesting JSON' do
  94. include_examples 'JSON response format'
  95. end
  96. context 'requesting HTML' do
  97. let(:title) { title }
  98. let(:headline) { headline }
  99. include_examples 'HTML response format'
  100. end
  101. end
  102. end
  103. shared_examples 'handles exception' do |exception, http_status, title, headline, message = 'some error message'|
  104. include_examples 'exception check', message, exception, http_status, title, headline
  105. end
  106. shared_examples 'masks exception' do |exception, http_status, title, headline|
  107. include_examples 'exception check', 'Please contact your administrator', exception, http_status, title, headline
  108. end
  109. context 'with agent user' do
  110. let(:user) { :agent }
  111. include_examples 'handles exception', Exceptions::NotAuthorized, :unauthorized, '401: Unauthorized', '401: Unauthorized'
  112. include_examples 'handles exception', Exceptions::Forbidden, :forbidden, '403: Forbidden', '403: Forbidden'
  113. include_examples 'handles exception', Pundit::NotAuthorizedError, :forbidden, '403: Forbidden', '403: Forbidden', 'Not authorized'
  114. include_examples 'handles exception', ActiveRecord::RecordNotFound, :not_found, '404: Not Found', '404: Requested resource was not found'
  115. include_examples 'handles exception', Exceptions::UnprocessableEntity, :unprocessable_entity, '422: Unprocessable Entity', '422: The change you wanted was rejected.'
  116. include_examples 'masks exception', ArgumentError, :unprocessable_entity, '422: Unprocessable Entity', '422: The change you wanted was rejected.'
  117. include_examples 'masks exception', StandardError, :internal_server_error, '500: An unknown error occurred', '500: An unknown error occurred.'
  118. end
  119. context 'with admin user' do
  120. let(:user) { :admin }
  121. include_examples 'handles exception', Exceptions::NotAuthorized, :unauthorized, '401: Unauthorized', '401: Unauthorized'
  122. include_examples 'handles exception', Exceptions::Forbidden, :forbidden, '403: Forbidden', '403: Forbidden'
  123. include_examples 'handles exception', Pundit::NotAuthorizedError, :forbidden, '403: Forbidden', '403: Forbidden', 'Not authorized'
  124. include_examples 'handles exception', ActiveRecord::RecordNotFound, :not_found, '404: Not Found', '404: Requested resource was not found'
  125. include_examples 'handles exception', Exceptions::UnprocessableEntity, :unprocessable_entity, '422: Unprocessable Entity', '422: The change you wanted was rejected.'
  126. include_examples 'handles exception', ArgumentError, :unprocessable_entity, '422: Unprocessable Entity', '422: The change you wanted was rejected.'
  127. include_examples 'handles exception', StandardError, :internal_server_error, '500: An unknown error occurred', '500: An unknown error occurred.'
  128. end
  129. context 'with mobile controller' do
  130. let(:origin) { 'mobile' }
  131. context 'with agent user' do
  132. let(:user) { :agent }
  133. include_examples 'handles exception', Exceptions::NotAuthorized, :unauthorized, '401: Unauthorized', '401'
  134. include_examples 'handles exception', Exceptions::Forbidden, :forbidden, '403: Forbidden', '403'
  135. include_examples 'handles exception', Pundit::NotAuthorizedError, :forbidden, '403: Forbidden', '403', 'Not authorized'
  136. include_examples 'handles exception', ActiveRecord::RecordNotFound, :not_found, '404: Not Found', '404'
  137. include_examples 'handles exception', Exceptions::UnprocessableEntity, :unprocessable_entity, '422: Unprocessable Entity', '422'
  138. include_examples 'masks exception', ArgumentError, :unprocessable_entity, '422: Unprocessable Entity', '422'
  139. include_examples 'masks exception', StandardError, :internal_server_error, '500: An unknown error occurred', '500'
  140. end
  141. context 'with admin user' do
  142. let(:user) { :admin }
  143. include_examples 'handles exception', Exceptions::NotAuthorized, :unauthorized, '401: Unauthorized', '401'
  144. include_examples 'handles exception', Exceptions::Forbidden, :forbidden, '403: Forbidden', '403'
  145. include_examples 'handles exception', Pundit::NotAuthorizedError, :forbidden, '403: Forbidden', '403', 'Not authorized'
  146. include_examples 'handles exception', ActiveRecord::RecordNotFound, :not_found, '404: Not Found', '404'
  147. include_examples 'handles exception', Exceptions::UnprocessableEntity, :unprocessable_entity, '422: Unprocessable Entity', '422'
  148. include_examples 'handles exception', ArgumentError, :unprocessable_entity, '422: Unprocessable Entity', '422'
  149. include_examples 'handles exception', StandardError, :internal_server_error, '500: An unknown error occurred', '500'
  150. end
  151. end
  152. end
  153. end