From cf24c2b22e23b2e108270fb5e11b8f84b523dd15 Mon Sep 17 00:00:00 2001 From: Finn Bacall Date: Thu, 30 Jan 2025 12:39:05 +0000 Subject: [PATCH] Handle exceptions in `examine_url`. Custom error message for SSL issues. Fixes #2128 --- lib/seek/upload_handling/examine_url.rb | 27 +++++++++---------- .../content_blobs_controller_test.rb | 21 +++++++++++++++ 2 files changed, 33 insertions(+), 15 deletions(-) diff --git a/lib/seek/upload_handling/examine_url.rb b/lib/seek/upload_handling/examine_url.rb index d813f389f9..efe87a07bd 100644 --- a/lib/seek/upload_handling/examine_url.rb +++ b/lib/seek/upload_handling/examine_url.rb @@ -25,8 +25,17 @@ def examine_url @type = 'warning' @warning_msg = "Unhandled URL scheme: #{uri.scheme}. The given URL will be presented as a clickable link." end + rescue URI::InvalidURIError + @type = 'override' + @error_msg = 'The URL appears to be invalid.' + rescue OpenSSL::OpenSSLError + @type = 'error' + @error_msg = 'SSL connection to the URL failed - Please check the certificate is valid.' rescue StandardError => e - handle_exception_response(e) + raise e if Rails.application.config.consider_all_requests_local + exception_notification(500, e) + @type = 'error' + @error_msg = 'An unexpected error occurred whilst accessing the URL.' end respond_to do |format| @@ -75,26 +84,14 @@ def handle_bad_http_response(code) @error_msg = "We can't find out information about this URL - Method not allowed response." when 404 @type = 'override' - @error_msg = 'Nothing can be found at that URL. Please check the address and try again' - when 400 - @type = 'override' - @error_msg = 'The URL appears to be invalid' + @error_msg = 'Nothing can be found at that URL. Please check the address and try again.' when 490 - @error_msg = 'That URL is inaccessible. Please check the address and try again' + @error_msg = 'That URL is inaccessible. Please check the address and try again.' else @error_msg = "We can't find out information about this URL - unhandled response code: #{code}" end end - def handle_exception_response(exception) - case exception - when URI::InvalidURIError - handle_bad_http_response(400) - else - fail exception - end - end - def is_myexperiment_url?(url) URI uri = URI(url) uri.hostname.include?('myexperiment.org') && uri.path.end_with?('.html') diff --git a/test/functional/content_blobs_controller_test.rb b/test/functional/content_blobs_controller_test.rb index de138806c5..d0e67fc9bd 100644 --- a/test/functional/content_blobs_controller_test.rb +++ b/test/functional/content_blobs_controller_test.rb @@ -216,6 +216,27 @@ def setup assert assigns(:warning_msg) end + test 'examine url bad cert' do + stub_request(:head, 'https://iuseaselfsigned.cert').to_raise(OpenSSL::SSL::SSLError) + get :examine_url, xhr: true, params: { data_url: 'https://iuseaselfsigned.cert' } + assert_response 400 + assert @response.body.include?('SSL connection to the URL failed') + assert_equal 'error', assigns(:type) + assert assigns(:error_msg) + end + + test 'examine url unhandled exception' do + Rails.application.config.consider_all_requests_local = false + stub_request(:head, 'https://somethingeterrible').to_raise(NoMethodError) + get :examine_url, xhr: true, params: { data_url: 'https://somethingeterrible' } + assert_response 400 + assert @response.body.include?('An unexpected error occurred') + assert_equal 'error', assigns(:type) + assert assigns(:error_msg) + ensure + Rails.application.config.consider_all_requests_local = true + end + test 'examine url localhost' do begin # Need to allow the request through so that `private_address_check` can catch it.