2022-01-01 13:38:12 +00:00
|
|
|
# Copyright (C) 2012-2022 Zammad Foundation, https://zammad-foundation.org/
|
2021-06-01 12:20:20 +00:00
|
|
|
|
2017-03-09 11:44:51 +00:00
|
|
|
module ApplicationController::HandlesErrors
|
2017-01-20 09:45:19 +00:00
|
|
|
extend ActiveSupport::Concern
|
|
|
|
|
|
|
|
included do
|
|
|
|
rescue_from StandardError, with: :internal_server_error
|
2021-07-12 09:46:57 +00:00
|
|
|
rescue_from 'ExecJS::RuntimeError', with: :internal_server_error
|
2017-01-20 09:45:19 +00:00
|
|
|
rescue_from ActiveRecord::RecordNotFound, with: :not_found
|
|
|
|
rescue_from ActiveRecord::StatementInvalid, with: :unprocessable_entity
|
|
|
|
rescue_from ActiveRecord::RecordInvalid, with: :unprocessable_entity
|
2019-03-01 04:26:53 +00:00
|
|
|
rescue_from ActiveRecord::DeleteRestrictionError, with: :unprocessable_entity
|
2017-01-20 09:45:19 +00:00
|
|
|
rescue_from ArgumentError, with: :unprocessable_entity
|
|
|
|
rescue_from Exceptions::UnprocessableEntity, with: :unprocessable_entity
|
|
|
|
rescue_from Exceptions::NotAuthorized, with: :unauthorized
|
2021-02-04 08:28:41 +00:00
|
|
|
rescue_from Exceptions::Forbidden, with: :forbidden
|
2020-03-19 09:39:51 +00:00
|
|
|
rescue_from Pundit::NotAuthorizedError, with: :pundit_not_authorized_error
|
2017-01-20 09:45:19 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
def not_found(e)
|
2017-04-19 10:09:54 +00:00
|
|
|
logger.error e
|
2017-01-20 09:45:19 +00:00
|
|
|
respond_to_exception(e, :not_found)
|
2017-08-21 23:13:19 +00:00
|
|
|
http_log
|
2017-01-20 09:45:19 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
def unprocessable_entity(e)
|
2017-04-19 10:09:54 +00:00
|
|
|
logger.error e
|
2017-01-20 09:45:19 +00:00
|
|
|
respond_to_exception(e, :unprocessable_entity)
|
2017-08-21 23:13:19 +00:00
|
|
|
http_log
|
2017-01-20 09:45:19 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
def internal_server_error(e)
|
2017-04-19 10:09:54 +00:00
|
|
|
logger.error e
|
2017-01-20 09:45:19 +00:00
|
|
|
respond_to_exception(e, :internal_server_error)
|
2017-08-21 23:13:19 +00:00
|
|
|
http_log
|
2017-01-20 09:45:19 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
def unauthorized(e)
|
2020-03-19 09:39:51 +00:00
|
|
|
logger.info { e }
|
2020-03-06 14:31:43 +00:00
|
|
|
error = humanize_error(e)
|
2017-01-20 09:45:19 +00:00
|
|
|
response.headers['X-Failure'] = error.fetch(:error_human, error[:error])
|
|
|
|
respond_to_exception(e, :unauthorized)
|
2017-08-21 23:13:19 +00:00
|
|
|
http_log
|
2017-01-20 09:45:19 +00:00
|
|
|
end
|
|
|
|
|
2021-02-04 08:28:41 +00:00
|
|
|
def forbidden(e)
|
|
|
|
logger.info { e }
|
|
|
|
error = humanize_error(e)
|
|
|
|
response.headers['X-Failure'] = error.fetch(:error_human, error[:error])
|
|
|
|
respond_to_exception(e, :forbidden)
|
|
|
|
http_log
|
|
|
|
end
|
|
|
|
|
2020-03-19 09:39:51 +00:00
|
|
|
def pundit_not_authorized_error(e)
|
|
|
|
logger.info { e }
|
|
|
|
# check if a special authorization_error should be shown in the result payload
|
|
|
|
# which was raised in one of the policies. Fall back to a simple "Not authorized"
|
|
|
|
# error to hide actual cause for security reasons.
|
2021-11-15 15:58:19 +00:00
|
|
|
exeption = e.policy&.custom_exception || Exceptions::Forbidden.new(__('Not authorized'))
|
2021-02-04 08:28:41 +00:00
|
|
|
forbidden(exeption)
|
2020-03-19 09:39:51 +00:00
|
|
|
end
|
|
|
|
|
2017-01-20 09:45:19 +00:00
|
|
|
private
|
|
|
|
|
|
|
|
def respond_to_exception(e, status)
|
|
|
|
status_code = Rack::Utils.status_code(status)
|
|
|
|
|
|
|
|
respond_to do |format|
|
2020-03-06 14:31:43 +00:00
|
|
|
format.json { render json: humanize_error(e), status: status }
|
2017-10-01 12:25:52 +00:00
|
|
|
format.any do
|
2020-03-06 14:31:43 +00:00
|
|
|
errors = humanize_error(e)
|
2017-01-20 09:45:19 +00:00
|
|
|
@exception = e
|
2018-07-17 08:35:51 +00:00
|
|
|
@message = errors[:error_human] || errors[:error] || param[:message]
|
2017-01-20 09:45:19 +00:00
|
|
|
@traceback = !Rails.env.production?
|
|
|
|
file = File.open(Rails.root.join('public', "#{status_code}.html"), 'r')
|
2021-04-27 08:54:37 +00:00
|
|
|
render inline: file.read, status: status, content_type: 'text/html' # rubocop:disable Rails/RenderInline
|
2017-10-01 12:25:52 +00:00
|
|
|
end
|
2017-01-20 09:45:19 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2020-03-06 14:31:43 +00:00
|
|
|
def humanize_error(e)
|
|
|
|
|
2017-01-20 09:45:19 +00:00
|
|
|
data = {
|
2020-03-06 14:31:43 +00:00
|
|
|
error: e.message
|
2017-01-20 09:45:19 +00:00
|
|
|
}
|
|
|
|
|
2021-12-03 13:09:11 +00:00
|
|
|
if (message = e.try(:record)&.errors&.full_messages&.first)
|
|
|
|
data[:error_human] = message
|
2021-05-12 11:37:44 +00:00
|
|
|
elsif e.message.match?(%r{(already exists|duplicate key|duplicate entry)}i)
|
2021-11-15 15:58:19 +00:00
|
|
|
data[:error_human] = __('Object already exists!')
|
2021-05-12 11:37:44 +00:00
|
|
|
elsif e.message =~ %r{null value in column "(.+?)" violates not-null constraint}i || e.message =~ %r{Field '(.+?)' doesn't have a default value}i
|
2017-01-20 09:45:19 +00:00
|
|
|
data[:error_human] = "Attribute '#{$1}' required!"
|
2021-02-04 08:28:41 +00:00
|
|
|
elsif e.message == 'Exceptions::Forbidden'
|
2021-11-15 15:58:19 +00:00
|
|
|
data[:error] = __('Not authorized')
|
2017-01-20 09:45:19 +00:00
|
|
|
data[:error_human] = data[:error]
|
2021-02-04 08:28:41 +00:00
|
|
|
elsif e.message == 'Exceptions::NotAuthorized'
|
2021-11-15 15:58:19 +00:00
|
|
|
data[:error] = __('Authorization failed')
|
2021-02-04 08:28:41 +00:00
|
|
|
data[:error_human] = data[:error]
|
|
|
|
elsif [ActionController::RoutingError, ActiveRecord::RecordNotFound, Exceptions::UnprocessableEntity, Exceptions::NotAuthorized, Exceptions::Forbidden].include?(e.class)
|
2020-03-06 14:31:43 +00:00
|
|
|
data[:error_human] = data[:error]
|
2017-01-20 09:45:19 +00:00
|
|
|
end
|
|
|
|
|
2020-03-06 14:31:43 +00:00
|
|
|
if data[:error_human].present?
|
|
|
|
data[:error] = data[:error_human]
|
2021-07-23 13:07:16 +00:00
|
|
|
elsif !policy(Exceptions).view_details?
|
2020-03-06 14:31:43 +00:00
|
|
|
error_code_prefix = "Error ID #{SecureRandom.urlsafe_base64(6)}:"
|
|
|
|
Rails.logger.error "#{error_code_prefix} #{data[:error]}"
|
|
|
|
data[:error] = "#{error_code_prefix} Please contact your administrator."
|
2017-01-20 09:45:19 +00:00
|
|
|
end
|
2020-03-06 14:31:43 +00:00
|
|
|
|
2017-01-20 09:45:19 +00:00
|
|
|
data
|
|
|
|
end
|
|
|
|
end
|