discourse/spec/integration/invalid_request_spec.rb
David Taylor 64be371749
DEV: Improve handling of invalid requests (#15841)
Our discourse_public_exceptions middleware is designed to catch bubbled exceptions from lower in the stack, and then use `ApplicationController.rescue_with_handler` to render an appropriate error response.

When the request itself is invalid, we had an escape-hatch to skip re-dispatching the request to ApplicationController. However, it was possible to work around this by 'layering' the errors. For example, if you made a request which resulted in a 404, but **also** had some other invalidity, the escape hatch would not be triggered.

This commit ensures that these kind of 'layered' errors are properly handled, without logging warnings. It also adds detection for invalid JSON bodies and badly-formed multipart requests.

The user-facing behavior is unchanged. This commit simply prevents warnings being logged for invalid requests.
2022-02-07 13:16:57 +00:00

40 lines
1.1 KiB
Ruby

# frozen_string_literal: true
require 'rails_helper'
describe 'invalid requests', type: :request do
before do
@orig_logger = Rails.logger
Rails.logger = @fake_logger = FakeLogger.new
end
after do
Rails.logger = @orig_logger
end
it "handles NotFound with invalid json body" do
post "/latest.json", params: "{some: malformed: json", headers: { "content-type" => "application/json" }
expect(response.status).to eq(404)
expect(@fake_logger.warnings.length).to eq(0)
expect(@fake_logger.errors.length).to eq(0)
end
it "handles EOFError when multipart request is malformed" do
post "/latest.json", params: "somecontent", headers: {
"content-type" => "multipart/form-data; boundary=abcde",
"content-length" => "1"
}
expect(response.status).to eq(400)
expect(@fake_logger.warnings.length).to eq(0)
expect(@fake_logger.errors.length).to eq(0)
end
it "handles invalid parameters" do
post "/latest.json", params: { "foo" => "\255bar" }
expect(response.status).to eq(404)
expect(@fake_logger.warnings.length).to eq(0)
expect(@fake_logger.errors.length).to eq(0)
end
end