25bfe78f-c539-4492-9179-151d22460b61

Committed 30 Aug 2024 08:17PM UTC coverage: 45.357% (-50.4%) from 95.758%

Build # 25bfe78f-c539-4492-9179-151d22460b61

Build Type

push

circleci

Committed by

web-flow

Commit Message

Merge pull request #4168 from pulibrary/left_anchor_iii

Left anchor search

Run Details

23 of 23 new or added lines in 1 file covered. (100.0%)

3090 existing lines in 140 files now uncovered.

2779 of 6127 relevant lines covered (45.36%)

7.28 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

64.58

/lib/orangelight/middleware/invalid_parameter_handler.rb

# frozen_string_literal: true

# If the user enters a url that has invalid parameters
# this middleware will return a 400 status
# and the load balancer will display its own error page

module Orangelight
  module Middleware
    class InvalidParameterHandler
      def initialize(app)
        @app = app
      end

      def call(env)
        validate_for!(env)
        @app.call(env)
      rescue ActionController::BadRequest => bad_request_error
        raise bad_request_error if raise_error?(bad_request_error.message)

        Rails.logger.error "Invalid parameters passed in the request: #{bad_request_error} within the environment #{@request.inspect}"
        bad_request_response(env)
      end

      private

        def bad_request_body
          'Bad Request'
        end

        def bad_request_headers(env)
          {
            'Content-Type' => "#{request_content_type(env)}; charset=#{default_charset}",
            'Content-Length' => bad_request_body.bytesize.to_s
          }
        end

        def bad_request_response(env)
          [
            bad_request_status,
            bad_request_headers(env),
            [bad_request_body]
          ]
        end

        def bad_request_status
          400
        end

        def default_charset
          ActionDispatch::Response.default_charset
        end

        def default_content_type
          'text/html'
        end

        # Check if facet fields have empty value lists
        def facet_fields_values(params)
          facet_parameter = params.fetch(:f, [])
          raise ActionController::BadRequest, "Invalid facet parameter passed: #{facet_parameter}" unless facet_parameter.is_a?(Array) || facet_parameter.is_a?(Hash)

          facet_parameter.collect do |facet_field, value_list|
            raise ActionController::BadRequest, "Facet field #{facet_field} has a scalar value #{value_list}" if value_list.is_a?(String)

            next unless value_list.nil?
            raise ActionController::BadRequest, "Facet field #{facet_field} has a nil value"
          end
        end

        # Check if params have key with leading or trailing whitespaces
        def check_for_white_spaces(params)
          params.each_key do |k|
            next unless ((k[0].match?(/\s/) || k[-1].match?(/\s/)) && (k.is_a? String)) == true
            raise ActionController::BadRequest, "Param '#{k}' contains a space"
          end
        end

        ##
        # Previously, we were rescuing only from exceptions we recognized.
        # The problem with that is that there will be exceptions we don't recognize and
        # haven't been able to diagnose (see, e.g., https://github.com/pulibrary/orangelight/issues/1455)
        # and when those happen we want to provide the user with a graceful way forward,
        # not just an error screen. Therefore, we should rescue all errors, log the problem,
        # and redirect the user somewhere helpful.
        def raise_error?(_message)
          false
        end

        def request_content_type(env)
          request = request_for(env)
          request.formats.first || default_content_type
        end

        def request_for(env)
          ActionDispatch::Request.new(env.dup)
        end

        def valid_message_patterns
          [
            /invalid %-encoding/,
            /Facet field/,
            /Invalid facet/,
            /contains a space/
          ]
        end

        def validate_for!(env)
          # calling request.params is sufficient to trigger an error
          # see https://github.com/rack/rack/issues/337#issuecomment-46453404
          params = request_for(env).params
          check_for_white_spaces(params)
          facet_fields_values(params)
        end
    end
  end
end

1	# frozen_string_literal: true
2
3	# If the user enters a url that has invalid parameters
4	# this middleware will return a 400 status
5	# and the load balancer will display its own error page
6
7	module Orangelight	2✔
8	module Middleware	2✔
9	class InvalidParameterHandler	2✔
10	def initialize(app)	2✔
11	@app = app	2✔
12	end
13
14	def call(env)	2✔
15	validate_for!(env)	26✔
16	@app.call(env)	26✔
17	rescue ActionController::BadRequest => bad_request_error
UNCOV 18	raise bad_request_error if raise_error?(bad_request_error.message)	×
19
UNCOV 20	Rails.logger.error "Invalid parameters passed in the request: #{bad_request_error} within the environment #{@request.inspect}"	×
UNCOV 21	bad_request_response(env)	×
22	end
23
24	private	2✔
25
26	def bad_request_body	2✔
UNCOV 27	'Bad Request'	×
28	end
29
30	def bad_request_headers(env)	2✔
31	{
UNCOV 32	'Content-Type' => "#{request_content_type(env)}; charset=#{default_charset}",	×
33	'Content-Length' => bad_request_body.bytesize.to_s
34	}
35	end
36
37	def bad_request_response(env)	2✔
38	[
UNCOV 39	bad_request_status,	×
40	bad_request_headers(env),
41	[bad_request_body]
42	]
43	end
44
45	def bad_request_status	2✔
UNCOV 46	400	×
47	end
48
49	def default_charset	2✔
UNCOV 50	ActionDispatch::Response.default_charset	×
51	end
52
53	def default_content_type	2✔
54	'text/html'	×
55	end
56
57	# Check if facet fields have empty value lists
58	def facet_fields_values(params)	2✔
59	facet_parameter = params.fetch(:f, [])	26✔
60	raise ActionController::BadRequest, "Invalid facet parameter passed: #{facet_parameter}" unless facet_parameter.is_a?(Array) \|\| facet_parameter.is_a?(Hash)	26✔
61
62	facet_parameter.collect do \|facet_field, value_list\|	26✔
UNCOV 63	raise ActionController::BadRequest, "Facet field #{facet_field} has a scalar value #{value_list}" if value_list.is_a?(String)	×
64
UNCOV 65	next unless value_list.nil?	×
UNCOV 66	raise ActionController::BadRequest, "Facet field #{facet_field} has a nil value"	×
67	end
68	end
69
70	# Check if params have key with leading or trailing whitespaces
71	def check_for_white_spaces(params)	2✔
72	params.each_key do \|k\|	26✔
73	next unless ((k[0].match?(/\s/) \|\| k[-1].match?(/\s/)) && (k.is_a? String)) == true	55✔
UNCOV 74	raise ActionController::BadRequest, "Param '#{k}' contains a space"	×
75	end
76	end
77
78	##
79	# Previously, we were rescuing only from exceptions we recognized.
80	# The problem with that is that there will be exceptions we don't recognize and
81	# haven't been able to diagnose (see, e.g., https://github.com/pulibrary/orangelight/issues/1455)
82	# and when those happen we want to provide the user with a graceful way forward,
83	# not just an error screen. Therefore, we should rescue all errors, log the problem,
84	# and redirect the user somewhere helpful.
85	def raise_error?(_message)	2✔
UNCOV 86	false	×
87	end
88
89	def request_content_type(env)	2✔
UNCOV 90	request = request_for(env)	×
UNCOV 91	request.formats.first \|\| default_content_type	×
92	end
93
94	def request_for(env)	2✔
95	ActionDispatch::Request.new(env.dup)	26✔
96	end
97
98	def valid_message_patterns	2✔
99	[	×
100	/invalid %-encoding/,
101	/Facet field/,
102	/Invalid facet/,
103	/contains a space/
104	]
105	end
106
107	def validate_for!(env)	2✔
108	# calling request.params is sufficient to trigger an error
109	# see https://github.com/rack/rack/issues/337#issuecomment-46453404
110	params = request_for(env).params	26✔
111	check_for_white_spaces(params)	26✔
112	facet_fields_values(params)	26✔
113	end
114	end
115	end
116	end

pulibrary / orangelight / 25bfe78f-c539-4492-9179-151d22460b61

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous