Home Explore Help
Sign In
SMusatov
/
zammad
mirror of https://github.com/zammad/zammad.git
1
0
Fork 0
Files
Tree: 304d47d74b
Branches Tags
zammad
/
app
/
controllers
/
application_controller
/
handles_errors.rb

handles_errors.rb 4.5 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121 
  1. # Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/
    2. 

  2. 

  3. module ApplicationController::HandlesErrors
    4. 

  4.   extend ActiveSupport::Concern
    5. 

  5. 

  6.   included do
    7. 

  7.     rescue_from StandardError, with: :internal_server_error
    8. 

  8.     rescue_from 'ExecJS::RuntimeError', with: :internal_server_error
    9. 

  9.     rescue_from ActiveRecord::RecordNotFound, with: :not_found
    10. 

  10.     rescue_from ActiveRecord::StatementInvalid, with: :unprocessable_entity
    11. 

  11.     rescue_from ActiveRecord::RecordInvalid, with: :unprocessable_entity
    12. 

  12.     rescue_from ActiveRecord::DeleteRestrictionError, with: :unprocessable_entity
    13. 

  13.     rescue_from ArgumentError, with: :unprocessable_entity
    14. 

  14.     rescue_from Exceptions::UnprocessableEntity, with: :unprocessable_entity
    15. 

  15.     rescue_from Exceptions::NotAuthorized, with: :unauthorized
    16. 

  16.     rescue_from Exceptions::Forbidden, with: :forbidden
    17. 

  17.     rescue_from Pundit::NotAuthorizedError, with: :pundit_not_authorized_error
    18. 

  18.     rescue_from Store::Provider::S3::Error, with: :unprocessable_entity
    19. 

  19.   end
    20. 

  20. 

  21.   def not_found(e)
    22. 

  22.     logger.error e
    23. 

  23.     respond_to_exception(e, :not_found)
    24. 

  24.     http_log
    25. 

  25.   end
    26. 

  26. 

  27.   def unprocessable_entity(e)
    28. 

  28.     logger.error e
    29. 

  29.     respond_to_exception(e, :unprocessable_entity)
    30. 

  30.     http_log
    31. 

  31.   end
    32. 

  32. 

  33.   def internal_server_error(e)
    34. 

  34.     logger.error e
    35. 

  35.     respond_to_exception(e, :internal_server_error)
    36. 

  36.     http_log
    37. 

  37.   end
    38. 

  38. 

  39.   def unauthorized(e)
    40. 

  40.     logger.info { e }
    41. 

  41.     error = humanize_error(e)
    42. 

  42.     response.headers['X-Failure'] = error.fetch(:error_human, error[:error])
    43. 

  43.     respond_to_exception(e, :unauthorized)
    44. 

  44.     http_log
    45. 

  45.   end
    46. 

  46. 

  47.   def forbidden(e)
    48. 

  48.     logger.info { e }
    49. 

  49.     error = humanize_error(e)
    50. 

  50.     response.headers['X-Failure'] = error.fetch(:error_human, error[:error])
    51. 

  51.     respond_to_exception(e, :forbidden)
    52. 

  52.     http_log
    53. 

  53.   end
    54. 

  54. 

  55.   def pundit_not_authorized_error(e)
    56. 

  56.     logger.info { e }
    57. 

  57.     # check if a special authorization_error should be shown in the result payload
    58. 

  58.     # which was raised in one of the policies. Fall back to a simple "Not authorized"
    59. 

  59.     # error to hide actual cause for security reasons.
    60. 

  60.     exception = e.policy&.custom_exception || Exceptions::Forbidden.new(__('Not authorized'))
    61. 

  61. 

  62.     case exception
    63. 

  63.     when ActiveRecord::RecordNotFound
    64. 

  64.       not_found(exception)
    65. 

  65.     when Exceptions::UnprocessableEntity
    66. 

  66.       unprocessable_entity(exception)
    67. 

  67.     else
    68. 

  68.       forbidden(exception)
    69. 

  69.     end
    70. 

  70.   end
    71. 

  71. 

  72.   private
    73. 

  73. 

  74.   def respond_to_exception(e, status)
    75. 

  75.     status_code = Rack::Utils.status_code(status)
    76. 

  76. 

  77.     respond_to do |format|
    78. 

  78.       format.json { render json: humanize_error(e), status: status }
    79. 

  79.       format.any do
    80. 

  80.         errors = humanize_error(e)
    81. 

  81.         @exception = e
    82. 

  82.         @message = errors[:error_human] || errors[:error] || param[:message]
    83. 

  83.         @traceback = !Rails.env.production?
    84. 

  84.         file = Rails.public_path.join("#{status_code}#{params[:controller] == 'mobile' ? '-mobile' : ''}.html").open('r')
    85. 

  85.         render inline: file.read, status: status, content_type: 'text/html' # rubocop:disable Rails/RenderInline
    86. 

  86.       end
    87. 

  87.     end
    88. 

  88.   end
    89. 

  89. 

  90.   def humanize_error(e)
    91. 

  91.     data = { error: e.message }
    92. 

  92. 

  93.     if (base_error = e.try(:record)&.errors&.messages&.find { |key, _| key.match? %r{[\w+.]?base} }&.last&.last)
    94. 

  94.       data[:error_human] = base_error
    95. 

  95.     elsif (first_error = e.try(:record)&.errors&.full_messages&.first)
    96. 

  96.       data[:error_human] = first_error
    97. 

  97.     elsif e.message.match?(%r{(already exists|duplicate key|duplicate entry)}i)
    98. 

  98.       data[:error_human] = __('This object already exists.')
    99. 

  99.     elsif e.message =~ %r{null value in column "(.+?)" violates not-null constraint}i || e.message =~ %r{Field '(.+?)' doesn't have a default value}i
    100. 

  100.       data[:error_human] = "Attribute '#{$1}' required!"
    101. 

  101.     elsif e.message == 'Exceptions::Forbidden'
    102. 

  102.       data[:error]       = __('Not authorized')
    103. 

  103.       data[:error_human] = data[:error]
    104. 

  104.     elsif e.message == 'Exceptions::NotAuthorized'
    105. 

  105.       data[:error]       = __('Authorization failed')
    106. 

  106.       data[:error_human] = data[:error]
    107. 

  107.     elsif [ActionController::RoutingError, ActiveRecord::RecordNotFound, Exceptions::UnprocessableEntity, Exceptions::NotAuthorized, Exceptions::Forbidden, Store::Provider::S3::Error, Authorization::Provider::AccountError].include?(e.class)
    108. 

  108.       data[:error_human] = data[:error]
    109. 

  109.     end
    110. 

  110. 

  111.     if data[:error_human].present?
    112. 

  112.       data[:error] = data[:error_human]
    113. 

  113.     elsif !policy(Exceptions).view_details?
    114. 

  114.       error_code_prefix = "Error ID #{SecureRandom.urlsafe_base64(6)}:"
    115. 

  115.       Rails.logger.error "#{error_code_prefix} #{data[:error]}"
    116. 

  116.       data[:error] = "#{error_code_prefix} Please contact your administrator."
    117. 

  117.     end
    118. 

  118. 

  119.     data
    120. 

  120.   end
    121. 

  121. end
    122.