Commit 5ac87c8d01b8b0f107dbd649a086f0d05616a5ac
1 parent
aef9896f
Exists in
master
and in
1 other branch
Return an 422 HTTP status code in notice submit when API_KEY is not valid
When a notice is do with an invalid api_key the return is a 404 HTTP code and no explain about what really happen. Now if you try post a notice with a bad API_KEY, errbit return a 422 HTTP status code, like doing by airbrake. see #472
Showing
6 changed files
with
162 additions
and
70 deletions
Show diff stats
app/controllers/notices_controller.rb
| @@ -5,11 +5,17 @@ class NoticesController < ApplicationController | @@ -5,11 +5,17 @@ class NoticesController < ApplicationController | ||
| 5 | 5 | ||
| 6 | def create | 6 | def create |
| 7 | # params[:data] if the notice came from a GET request, raw_post if it came via POST | 7 | # params[:data] if the notice came from a GET request, raw_post if it came via POST |
| 8 | - notice = App.report_error!(params[:data] || request.raw_post) | ||
| 9 | - api_xml = notice.to_xml(:only => false, :methods => [:id]) do |xml| | ||
| 10 | - xml.url locate_url(notice.id, :host => Errbit::Config.host) | 8 | + report = ErrorReport.new(params[:data] || request.raw_post) |
| 9 | + | ||
| 10 | + if report.valid? | ||
| 11 | + report.generate_notice! | ||
| 12 | + api_xml = report.notice.to_xml(:only => false, :methods => [:id]) do |xml| | ||
| 13 | + xml.url locate_url(report.notice.id, :host => Errbit::Config.host) | ||
| 14 | + end | ||
| 15 | + render :xml => api_xml | ||
| 16 | + else | ||
| 17 | + render :text => "Your API key is unknown", :status => 422 | ||
| 11 | end | 18 | end |
| 12 | - render :xml => api_xml | ||
| 13 | end | 19 | end |
| 14 | 20 | ||
| 15 | # Redirects a notice to the problem page. Useful when using User Information at Airbrake gem. | 21 | # Redirects a notice to the problem page. Useful when using User Information at Airbrake gem. |
| @@ -17,4 +23,5 @@ class NoticesController < ApplicationController | @@ -17,4 +23,5 @@ class NoticesController < ApplicationController | ||
| 17 | problem = Notice.find(params[:id]).problem | 23 | problem = Notice.find(params[:id]).problem |
| 18 | redirect_to app_problem_path(problem.app, problem) | 24 | redirect_to app_problem_path(problem.app, problem) |
| 19 | end | 25 | end |
| 26 | + | ||
| 20 | end | 27 | end |
app/models/error_report.rb
| @@ -26,7 +26,7 @@ class ErrorReport | @@ -26,7 +26,7 @@ class ErrorReport | ||
| 26 | end | 26 | end |
| 27 | 27 | ||
| 28 | def app | 28 | def app |
| 29 | - @app ||= App.find_by_api_key!(api_key) | 29 | + @app ||= App.where(:api_key => api_key).first |
| 30 | end | 30 | end |
| 31 | 31 | ||
| 32 | def backtrace | 32 | def backtrace |
| @@ -34,7 +34,9 @@ class ErrorReport | @@ -34,7 +34,9 @@ class ErrorReport | ||
| 34 | end | 34 | end |
| 35 | 35 | ||
| 36 | def generate_notice! | 36 | def generate_notice! |
| 37 | - notice = Notice.new( | 37 | + return unless valid? |
| 38 | + return @notice if @notice | ||
| 39 | + @notice = Notice.new( | ||
| 38 | :message => message, | 40 | :message => message, |
| 39 | :error_class => error_class, | 41 | :error_class => error_class, |
| 40 | :backtrace_id => backtrace.id, | 42 | :backtrace_id => backtrace.id, |
| @@ -44,9 +46,10 @@ class ErrorReport | @@ -44,9 +46,10 @@ class ErrorReport | ||
| 44 | :user_attributes => user_attributes, | 46 | :user_attributes => user_attributes, |
| 45 | :framework => framework | 47 | :framework => framework |
| 46 | ) | 48 | ) |
| 47 | - error.notices << notice | ||
| 48 | - notice | 49 | + error.notices << @notice |
| 50 | + @notice | ||
| 49 | end | 51 | end |
| 52 | + attr_reader :notice | ||
| 50 | 53 | ||
| 51 | ## | 54 | ## |
| 52 | # Error associate to this error_report | 55 | # Error associate to this error_report |
| @@ -64,9 +67,11 @@ class ErrorReport | @@ -64,9 +67,11 @@ class ErrorReport | ||
| 64 | ) | 67 | ) |
| 65 | end | 68 | end |
| 66 | 69 | ||
| 67 | - private | ||
| 68 | - | 70 | + def valid? |
| 71 | + !!app | ||
| 72 | + end | ||
| 69 | 73 | ||
| 74 | + private | ||
| 70 | 75 | ||
| 71 | def fingerprint_source | 76 | def fingerprint_source |
| 72 | # Find the first backtrace line with a file and line number. | 77 | # Find the first backtrace line with a file and line number. |
spec/controllers/notices_controller_spec.rb
| @@ -3,87 +3,94 @@ require 'spec_helper' | @@ -3,87 +3,94 @@ require 'spec_helper' | ||
| 3 | describe NoticesController do | 3 | describe NoticesController do |
| 4 | it_requires_authentication :for => { :locate => :get } | 4 | it_requires_authentication :for => { :locate => :get } |
| 5 | 5 | ||
| 6 | + let(:notice) { Fabricate(:notice) } | ||
| 7 | + let(:xml) { Rails.root.join('spec','fixtures','hoptoad_test_notice.xml').read } | ||
| 6 | let(:app) { Fabricate(:app) } | 8 | let(:app) { Fabricate(:app) } |
| 9 | + let(:error_report) { mock(:valid? => true, :generate_notice! => true, :notice => notice) } | ||
| 7 | 10 | ||
| 8 | context 'notices API' do | 11 | context 'notices API' do |
| 9 | before do | 12 | before do |
| 10 | - @xml = Rails.root.join('spec','fixtures','hoptoad_test_notice.xml').read | ||
| 11 | - @app = Fabricate(:app_with_watcher) | ||
| 12 | - App.stub(:find_by_api_key!).and_return(@app) | ||
| 13 | - @notice = App.report_error!(@xml) | 13 | + ErrorReport.should_receive(:new).with(xml).and_return(error_report) |
| 14 | end | 14 | end |
| 15 | 15 | ||
| 16 | - it "generates a notice from raw xml [POST]" do | ||
| 17 | - App.should_receive(:report_error!).with(@xml).and_return(@notice) | ||
| 18 | - request.should_receive(:raw_post).and_return(@xml) | ||
| 19 | - post :create, :format => :xml | ||
| 20 | - response.should be_success | ||
| 21 | - # Same RegExp from Airbrake::Sender#send_to_airbrake (https://github.com/airbrake/airbrake/blob/master/lib/airbrake/sender.rb#L53) | ||
| 22 | - # Inspired by https://github.com/airbrake/airbrake/blob/master/test/sender_test.rb | ||
| 23 | - response.body.should match(%r{<id[^>]*>#{@notice.id}</id>}) | ||
| 24 | - response.body.should match(%r{<url[^>]*>(.+)#{locate_path(@notice.id)}</url>}) | ||
| 25 | - end | 16 | + context "with xml pass in raw_port" do |
| 17 | + before do | ||
| 18 | + request.should_receive(:raw_post).and_return(xml) | ||
| 19 | + post :create, :format => :xml | ||
| 20 | + end | ||
| 26 | 21 | ||
| 27 | - it "should transform xml <va> tags to hashes correctly" do | ||
| 28 | - App.should_receive(:report_error!).with(@xml).and_return(@notice) | ||
| 29 | - request.should_receive(:raw_post).and_return(@xml) | ||
| 30 | - post :create, :format => :xml | 22 | + it "generates a notice from raw xml [POST]" do |
| 23 | + response.should be_success | ||
| 24 | + # Same RegExp from Airbrake::Sender#send_to_airbrake (https://github.com/airbrake/airbrake/blob/master/lib/airbrake/sender.rb#L53) | ||
| 25 | + # Inspired by https://github.com/airbrake/airbrake/blob/master/test/sender_test.rb | ||
| 26 | + response.body.should match(%r{<id[^>]*>#{notice.id}</id>}) | ||
| 27 | + response.body.should match(%r{<url[^>]*>(.+)#{locate_path(notice.id)}</url>}) | ||
| 28 | + end | ||
| 31 | 29 | ||
| 32 | - # XML: <var key="SCRIPT_NAME"/> | ||
| 33 | - @notice.env_vars.should have_key('SCRIPT_NAME') | ||
| 34 | - @notice.env_vars['SCRIPT_NAME'].should be_nil # blank ends up nil | 30 | + it "should transform xml <va> tags to hashes correctly" do |
| 31 | + pending # TODO, need to be test on ErrorReport model | ||
| 32 | + # XML: <var key="SCRIPT_NAME"/> | ||
| 33 | + notice.env_vars.should have_key('SCRIPT_NAME') | ||
| 34 | + notice.env_vars['SCRIPT_NAME'].should be_nil # blank ends up nil | ||
| 35 | 35 | ||
| 36 | - # XML representation: | ||
| 37 | - # <var key="rack.session.options"> | ||
| 38 | - # <var key="secure">false</var> | ||
| 39 | - # <var key="httponly">true</var> | ||
| 40 | - # <var key="path">/</var> | ||
| 41 | - # <var key="expire_after"/> | ||
| 42 | - # <var key="domain"/> | ||
| 43 | - # <var key="id"/> | ||
| 44 | - # </var> | ||
| 45 | - expected = { | ||
| 46 | - 'secure' => 'false', | ||
| 47 | - 'httponly' => 'true', | ||
| 48 | - 'path' => '/', | ||
| 49 | - 'expire_after' => nil, | ||
| 50 | - 'domain' => nil, | ||
| 51 | - 'id' => nil | ||
| 52 | - } | ||
| 53 | - @notice.env_vars.should have_key('rack_session_options') | ||
| 54 | - @notice.env_vars['rack_session_options'].should eql(expected) | 36 | + # XML representation: |
| 37 | + # <var key="rack.session.options"> | ||
| 38 | + # <var key="secure">false</var> | ||
| 39 | + # <var key="httponly">true</var> | ||
| 40 | + # <var key="path">/</var> | ||
| 41 | + # <var key="expire_after"/> | ||
| 42 | + # <var key="domain"/> | ||
| 43 | + # <var key="id"/> | ||
| 44 | + # </var> | ||
| 45 | + expected = { | ||
| 46 | + 'secure' => 'false', | ||
| 47 | + 'httponly' => 'true', | ||
| 48 | + 'path' => '/', | ||
| 49 | + 'expire_after' => nil, | ||
| 50 | + 'domain' => nil, | ||
| 51 | + 'id' => nil | ||
| 52 | + } | ||
| 53 | + notice.env_vars.should have_key('rack_session_options') | ||
| 54 | + notice.env_vars['rack_session_options'].should eql(expected) | ||
| 55 | + end | ||
| 55 | end | 56 | end |
| 56 | 57 | ||
| 57 | it "generates a notice from xml in a data param [POST]" do | 58 | it "generates a notice from xml in a data param [POST]" do |
| 58 | - App.should_receive(:report_error!).with(@xml).and_return(@notice) | ||
| 59 | - post :create, :data => @xml, :format => :xml | 59 | + post :create, :data => xml, :format => :xml |
| 60 | response.should be_success | 60 | response.should be_success |
| 61 | # Same RegExp from Airbrake::Sender#send_to_airbrake (https://github.com/airbrake/airbrake/blob/master/lib/airbrake/sender.rb#L53) | 61 | # Same RegExp from Airbrake::Sender#send_to_airbrake (https://github.com/airbrake/airbrake/blob/master/lib/airbrake/sender.rb#L53) |
| 62 | # Inspired by https://github.com/airbrake/airbrake/blob/master/test/sender_test.rb | 62 | # Inspired by https://github.com/airbrake/airbrake/blob/master/test/sender_test.rb |
| 63 | - response.body.should match(%r{<id[^>]*>#{@notice.id}</id>}) | ||
| 64 | - response.body.should match(%r{<url[^>]*>(.+)#{locate_path(@notice.id)}</url>}) | 63 | + response.body.should match(%r{<id[^>]*>#{notice.id}</id>}) |
| 64 | + response.body.should match(%r{<url[^>]*>(.+)#{locate_path(notice.id)}</url>}) | ||
| 65 | end | 65 | end |
| 66 | 66 | ||
| 67 | it "generates a notice from xml [GET]" do | 67 | it "generates a notice from xml [GET]" do |
| 68 | - App.should_receive(:report_error!).with(@xml).and_return(@notice) | ||
| 69 | - get :create, :data => @xml, :format => :xml | 68 | + get :create, :data => xml, :format => :xml |
| 70 | response.should be_success | 69 | response.should be_success |
| 71 | - response.body.should match(%r{<id[^>]*>#{@notice.id}</id>}) | ||
| 72 | - response.body.should match(%r{<url[^>]*>(.+)#{locate_path(@notice.id)}</url>}) | 70 | + response.body.should match(%r{<id[^>]*>#{notice.id}</id>}) |
| 71 | + response.body.should match(%r{<url[^>]*>(.+)#{locate_path(notice.id)}</url>}) | ||
| 72 | + end | ||
| 73 | + context "with an invalid API_KEY" do | ||
| 74 | + let(:error_report) { mock(:valid? => false) } | ||
| 75 | + it 'return 422' do | ||
| 76 | + post :create, :format => :xml, :data => xml | ||
| 77 | + expect(response.status).to eq 422 | ||
| 78 | + end | ||
| 73 | end | 79 | end |
| 74 | 80 | ||
| 75 | - it "sends a notification email" do | ||
| 76 | - App.should_receive(:report_error!).with(@xml).and_return(@notice) | ||
| 77 | - request.should_receive(:raw_post).and_return(@xml) | 81 | + # Not relevant here, Nee to be test on App.report_error! test |
| 82 | + it "sends a notification email", :pending => true do | ||
| 83 | + App.should_receive(:report_error!).with(xml).and_return(notice) | ||
| 84 | + request.should_receive(:raw_post).and_return(xml) | ||
| 78 | post :create, :format => :xml | 85 | post :create, :format => :xml |
| 79 | response.should be_success | 86 | response.should be_success |
| 80 | - response.body.should match(%r{<id[^>]*>#{@notice.id}</id>}) | ||
| 81 | - response.body.should match(%r{<url[^>]*>(.+)#{locate_path(@notice.id)}</url>}) | 87 | + response.body.should match(%r{<id[^>]*>#{notice.id}</id>}) |
| 88 | + response.body.should match(%r{<url[^>]*>(.+)#{locate_path(notice.id)}</url>}) | ||
| 82 | email = ActionMailer::Base.deliveries.last | 89 | email = ActionMailer::Base.deliveries.last |
| 83 | - email.to.should include(@app.watchers.first.email) | ||
| 84 | - email.subject.should include(@notice.message.truncate(50)) | ||
| 85 | - email.subject.should include("[#{@app.name}]") | ||
| 86 | - email.subject.should include("[#{@notice.environment_name}]") | 90 | + email.to.should include(app.watchers.first.email) |
| 91 | + email.subject.should include(notice.message.truncate(50)) | ||
| 92 | + email.subject.should include("[#{app.name}]") | ||
| 93 | + email.subject.should include("[#{notice.environment_name}]") | ||
| 87 | end | 94 | end |
| 88 | end | 95 | end |
| 89 | 96 |
spec/models/app_spec.rb
| @@ -187,7 +187,8 @@ describe App do | @@ -187,7 +187,8 @@ describe App do | ||
| 187 | end | 187 | end |
| 188 | 188 | ||
| 189 | 189 | ||
| 190 | - context '#report_error!' do | 190 | + context '#report_error!', :pending => true do |
| 191 | + # method delete. test need to be on spec/models/error_report | ||
| 191 | before do | 192 | before do |
| 192 | @xml = Rails.root.join('spec','fixtures','hoptoad_test_notice.xml').read | 193 | @xml = Rails.root.join('spec','fixtures','hoptoad_test_notice.xml').read |
| 193 | @app = Fabricate(:app, :api_key => 'APIKEY') | 194 | @app = Fabricate(:app, :api_key => 'APIKEY') |
| @@ -290,6 +291,17 @@ describe App do | @@ -290,6 +291,17 @@ describe App do | ||
| 290 | 291 | ||
| 291 | end | 292 | end |
| 292 | 293 | ||
| 294 | + describe ".find_by_api_key!" do | ||
| 295 | + it 'return the app with api_key' do | ||
| 296 | + app = Fabricate(:app) | ||
| 297 | + expect(App.find_by_api_key!(app.api_key)).to eq app | ||
| 298 | + end | ||
| 299 | + it 'raise Mongoid::Errors::DocumentNotFound if not found' do | ||
| 300 | + expect { | ||
| 301 | + App.find_by_api_key!('foo') | ||
| 302 | + }.to raise_error(Mongoid::Errors::DocumentNotFound) | ||
| 303 | + end | ||
| 304 | + end | ||
| 293 | 305 | ||
| 294 | end | 306 | end |
| 295 | 307 |
spec/models/error_report_spec.rb
| @@ -10,7 +10,7 @@ describe ErrorReport do | @@ -10,7 +10,7 @@ describe ErrorReport do | ||
| 10 | ErrorReport.new(xml) | 10 | ErrorReport.new(xml) |
| 11 | } | 11 | } |
| 12 | 12 | ||
| 13 | - let(:app) { | 13 | + let!(:app) { |
| 14 | Fabricate( | 14 | Fabricate( |
| 15 | :app, | 15 | :app, |
| 16 | :api_key => 'APIKEY' | 16 | :api_key => 'APIKEY' |
| @@ -24,7 +24,7 @@ describe ErrorReport do | @@ -24,7 +24,7 @@ describe ErrorReport do | ||
| 24 | end | 24 | end |
| 25 | end | 25 | end |
| 26 | 26 | ||
| 27 | - context "#generate_notice!" do | 27 | + describe "#generate_notice!" do |
| 28 | it "save a notice" do | 28 | it "save a notice" do |
| 29 | expect { | 29 | expect { |
| 30 | error_report.generate_notice! | 30 | error_report.generate_notice! |
| @@ -32,6 +32,52 @@ describe ErrorReport do | @@ -32,6 +32,52 @@ describe ErrorReport do | ||
| 32 | app.reload.problems.count | 32 | app.reload.problems.count |
| 33 | }.by(1) | 33 | }.by(1) |
| 34 | end | 34 | end |
| 35 | + | ||
| 36 | + it 'memoize the notice' do | ||
| 37 | + expect { | ||
| 38 | + error_report.generate_notice! | ||
| 39 | + error_report.generate_notice! | ||
| 40 | + }.to change { | ||
| 41 | + Notice.count | ||
| 42 | + }.by(1) | ||
| 43 | + end | ||
| 44 | + end | ||
| 45 | + | ||
| 46 | + describe "#valid?" do | ||
| 47 | + context "with valid error report" do | ||
| 48 | + it "return true" do | ||
| 49 | + expect(error_report.valid?).to be true | ||
| 50 | + end | ||
| 51 | + end | ||
| 52 | + context "with not valid api_key" do | ||
| 53 | + before do | ||
| 54 | + App.where(:api_key => app.api_key).delete_all | ||
| 55 | + end | ||
| 56 | + it "return false" do | ||
| 57 | + expect(error_report.valid?).to be false | ||
| 58 | + end | ||
| 59 | + end | ||
| 35 | end | 60 | end |
| 61 | + | ||
| 62 | + describe "#notice" do | ||
| 63 | + context "before generate_notice!" do | ||
| 64 | + it 'return nil' do | ||
| 65 | + expect(error_report.notice).to be nil | ||
| 66 | + end | ||
| 67 | + end | ||
| 68 | + | ||
| 69 | + context "after generate_notice!" do | ||
| 70 | + before do | ||
| 71 | + error_report.generate_notice! | ||
| 72 | + end | ||
| 73 | + | ||
| 74 | + it 'return the notice' do | ||
| 75 | + expect(error_report.notice).to be_a Notice | ||
| 76 | + end | ||
| 77 | + | ||
| 78 | + end | ||
| 79 | + end | ||
| 80 | + | ||
| 81 | + | ||
| 36 | end | 82 | end |
| 37 | end | 83 | end |
spec/requests/notices_controller_spec.rb
| @@ -30,6 +30,21 @@ describe "Notices management" do | @@ -30,6 +30,21 @@ describe "Notices management" do | ||
| 30 | end | 30 | end |
| 31 | end | 31 | end |
| 32 | 32 | ||
| 33 | + context "with notice with bad api_key" do | ||
| 34 | + let(:errbit_app) { Fabricate(:app) } | ||
| 35 | + let(:xml) { Rails.root.join('spec','fixtures','hoptoad_test_notice.xml').read } | ||
| 36 | + it 'not save a new notice and return 422' do | ||
| 37 | + expect { | ||
| 38 | + post '/notifier_api/v2/notices', :data => xml | ||
| 39 | + expect(response.status).to eq 422 | ||
| 40 | + expect(response.body).to eq "Your API key is unknown" | ||
| 41 | + }.to_not change { | ||
| 42 | + errbit_app.problems.count | ||
| 43 | + }.by(1) | ||
| 44 | + end | ||
| 45 | + | ||
| 46 | + end | ||
| 47 | + | ||
| 33 | end | 48 | end |
| 34 | 49 | ||
| 35 | end | 50 | end |