Home Explore Help
Sign In
SMusatov
/
zammad
mirror of https://github.com/zammad/zammad.git
1
0
Fork 0
Files
Branch: stable-5.4
Branches Tags
zammad
/
app
/
controllers
/
application_controller
/
handles_errors.rb

handles_errors.rb 4.3 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122 
  1. # Copyright (C) 2012-2023 Zammad Foundation, https://zammad-foundation.org/
    2. 

  2. 

  3. module ApplicationController::HandlesErrors
    4. 

  4.   extend ActiveSupport::Concern
    5. 

  5. 

  6.   included do
    7. 

  7.     rescue_from StandardError, with: :internal_server_error
    8. 

  8.     rescue_from 'ExecJS::RuntimeError', with: :internal_server_error
    9. 

  9.     rescue_from ActiveRecord::RecordNotFound, with: :not_found
    10. 

  10.     rescue_from ActiveRecord::StatementInvalid, with: :unprocessable_entity
    11. 

  11.     rescue_from ActiveRecord::RecordInvalid, with: :unprocessable_entity
    12. 

  12.     rescue_from ActiveRecord::DeleteRestrictionError, with: :unprocessable_entity
    13. 

  13.     rescue_from ArgumentError, with: :unprocessable_entity
    14. 

  14.     rescue_from Exceptions::UnprocessableEntity, with: :unprocessable_entity
    15. 

  15.     rescue_from Exceptions::NotAuthorized, with: :unauthorized
    16. 

  16.     rescue_from Exceptions::Forbidden, with: :forbidden
    17. 

  17.     rescue_from Pundit::NotAuthorizedError, with: :pundit_not_authorized_error
    18. 

  18.   end
    19. 

  19. 

  20.   def not_found(e)
    21. 

  21.     logger.error e
    22. 

  22.     respond_to_exception(e, :not_found)
    23. 

  23.     http_log
    24. 

  24.   end
    25. 

  25. 

  26.   def unprocessable_entity(e)
    27. 

  27.     logger.error e
    28. 

  28.     respond_to_exception(e, :unprocessable_entity)
    29. 

  29.     http_log
    30. 

  30.   end
    31. 

  31. 

  32.   def internal_server_error(e)
    33. 

  33.     logger.error e
    34. 

  34.     respond_to_exception(e, :internal_server_error)
    35. 

  35.     http_log
    36. 

  36.   end
    37. 

  37. 

  38.   def unauthorized(e)
    39. 

  39.     logger.info { e }
    40. 

  40.     error = humanize_error(e)
    41. 

  41.     response.headers['X-Failure'] = error.fetch(:error_human, error[:error])
    42. 

  42.     respond_to_exception(e, :unauthorized)
    43. 

  43.     http_log
    44. 

  44.   end
    45. 

  45. 

  46.   def forbidden(e)
    47. 

  47.     logger.info { e }
    48. 

  48.     error = humanize_error(e)
    49. 

  49.     response.headers['X-Failure'] = error.fetch(:error_human, error[:error])
    50. 

  50.     respond_to_exception(e, :forbidden)
    51. 

  51.     http_log
    52. 

  52.   end
    53. 

  53. 

  54.   def pundit_not_authorized_error(e)
    55. 

  55.     logger.info { e }
    56. 

  56.     # check if a special authorization_error should be shown in the result payload
    57. 

  57.     # which was raised in one of the policies. Fall back to a simple "Not authorized"
    58. 

  58.     # error to hide actual cause for security reasons.
    59. 

  59.     exception = e.policy&.custom_exception || Exceptions::Forbidden.new(__('Not authorized'))
    60. 

  60. 

  61.     case exception
    62. 

  62.     when ActiveRecord::RecordNotFound
    63. 

  63.       not_found(exception)
    64. 

  64.     when Exceptions::UnprocessableEntity
    65. 

  65.       unprocessable_entity(exception)
    66. 

  66.     else
    67. 

  67.       forbidden(exception)
    68. 

  68.     end
    69. 

  69.   end
    70. 

  70. 

  71.   private
    72. 

  72. 

  73.   def respond_to_exception(e, status)
    74. 

  74.     status_code = Rack::Utils.status_code(status)
    75. 

  75. 

  76.     respond_to do |format|
    77. 

  77.       format.json { render json: humanize_error(e), status: status }
    78. 

  78.       format.any do
    79. 

  79.         errors = humanize_error(e)
    80. 

  80.         @exception = e
    81. 

  81.         @message = errors[:error_human] || errors[:error] || param[:message]
    82. 

  82.         @traceback = !Rails.env.production?
    83. 

  83.         file = Rails.public_path.join("#{status_code}.html").open('r')
    84. 

  84.         render inline: file.read, status: status, content_type: 'text/html' # rubocop:disable Rails/RenderInline
    85. 

  85.       end
    86. 

  86.     end
    87. 

  87.   end
    88. 

  88. 

  89.   def humanize_error(e)
    90. 

  90.     data = {
    91. 

  91.       error: e.message
    92. 

  92.     }
    93. 

  93. 

  94.     if (base_error = e.try(:record)&.errors&.messages&.find { |key, _| key.match? %r{[\w+.]?base} }&.last&.last)
    95. 

  95.       data[:error_human] = base_error
    96. 

  96.     elsif (first_error = e.try(:record)&.errors&.full_messages&.first)
    97. 

  97.       data[:error_human] = first_error
    98. 

  98.     elsif e.message.match?(%r{(already exists|duplicate key|duplicate entry)}i)
    99. 

  99.       data[:error_human] = __('This object already exists.')
    100. 

  100.     elsif e.message =~ %r{null value in column "(.+?)" violates not-null constraint}i || e.message =~ %r{Field '(.+?)' doesn't have a default value}i
    101. 

  101.       data[:error_human] = "Attribute '#{$1}' required!"
    102. 

  102.     elsif e.message == 'Exceptions::Forbidden'
    103. 

  103.       data[:error]       = __('Not authorized')
    104. 

  104.       data[:error_human] = data[:error]
    105. 

  105.     elsif e.message == 'Exceptions::NotAuthorized'
    106. 

  106.       data[:error]       = __('Authorization failed')
    107. 

  107.       data[:error_human] = data[:error]
    108. 

  108.     elsif [ActionController::RoutingError, ActiveRecord::RecordNotFound, Exceptions::UnprocessableEntity, Exceptions::NotAuthorized, Exceptions::Forbidden].include?(e.class)
    109. 

  109.       data[:error_human] = data[:error]
    110. 

  110.     end
    111. 

  111. 

  112.     if data[:error_human].present?
    113. 

  113.       data[:error] = data[:error_human]
    114. 

  114.     elsif !policy(Exceptions).view_details?
    115. 

  115.       error_code_prefix = "Error ID #{SecureRandom.urlsafe_base64(6)}:"
    116. 

  116.       Rails.logger.error "#{error_code_prefix} #{data[:error]}"
    117. 

  117.       data[:error] = "#{error_code_prefix} Please contact your administrator."
    118. 

  118.     end
    119. 

  119. 

  120.     data
    121. 

  121.   end
    122. 

  122. end
    123.