From 20bb76848b852bba9ab3c99b1c2a68464585bd56 Mon Sep 17 00:00:00 2001 From: Azul Date: Wed, 17 Aug 2016 16:11:46 +0200 Subject: bugfix: send 406 if an unexpected format is asked for It used to run the action and then trigger a 500 because the template was not found. fixes !3 . --- app/controllers/application_controller.rb | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) (limited to 'app') diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 2af2f29..61ced21 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -1,5 +1,6 @@ class ApplicationController < ActionController::Base protect_from_forgery + before_action :check_mime_types before_filter :set_locale before_filter :no_cache_header before_filter :no_frame_header @@ -9,8 +10,26 @@ class ApplicationController < ActionController::Base ActiveSupport.run_load_hooks(:application_controller, self) + # by default we only respond to html. + # If you want to respond with json you are probably working on + # an ApiController. + respond_to :html + protected + # UPGRADE: this won't be needed in Rails 5 anymore as it's the default + # behavior if a template is present but a different format would be + # rendered and that template is not present + def check_mime_types + mimes = collect_mimes_from_class_level() + return if mimes.empty? + + collector = ActionController::MimeResponds::Collector.new(mimes, request.variant) + unless collector.negotiate_format(request) + raise ActionController::UnknownFormat + end + end + def default_error_handler(exc) respond_to do |format| format.json { render_json_error(exc) } -- cgit v1.2.3 From fbad882075e745ab7afbe5f89c67544fb3c607c3 Mon Sep 17 00:00:00 2001 
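Review bot: `before_action :check_mime_types` is registered ahead of `set_locale`, `no_cache_header` and `no_frame_header`, so when it raises, none of those filters run for the rejected request. Judging by their names, the resulting error response would then go out without the cache and framing headers the rest of the app sets; this is inferred, since the filter bodies are not in the hunk. Registering it after the header filters, and spelling it `before_filter :check_mime_types` like its neighbours, avoids both the gap and the mixed style.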
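Review bot: `raise ActionController::UnknownFormat` in `check_mime_types` does not by itself guarantee the 406 that the subject line promises, because this controller also declares `rescue_from StandardError, :with => :default_error_handler` (visible as context in the later application_controller.rb hunk), and `UnknownFormat` is a `StandardError`. The handler calls `respond_to do |format|` and its body continues outside the hunk, so what status an unexpected format finally produces cannot be confirmed from here. A controller test that requests an undeclared format and asserts status 406 would pin the behaviour. The same applies to `verify_request_format!` in the later hunk. A short comment on `check_mime_types` noting that `collect_mimes_from_class_level` and `MimeResponds::Collector` are framework internals would also help the next upgrade.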
From: Azul Date: Thu, 18 Aug 2016 11:00:16 +0200 Subject: respond_to on a per controller basis If you inherit respond to and call it again in your controller it will not overwrite the previous but add to it. Since we always have some exceptions from the rules it's probably easiest to be explicit in the controllers that require it themselves. --- app/controllers/account_controller.rb | 2 ++ app/controllers/account_settings_controller.rb | 0 app/controllers/api/identities_controller.rb | 2 ++ app/controllers/api/services_controller.rb | 2 ++ app/controllers/api/sessions_controller.rb | 1 + app/controllers/api_controller.rb | 1 - app/controllers/application_controller.rb | 26 +++++++++----------------- app/controllers/errors_controller.rb | 2 ++ app/controllers/home_controller.rb | 2 ++ app/controllers/pages_controller.rb | 2 ++ app/controllers/sessions_controller.rb | 3 ++- app/controllers/users_controller.rb | 2 +- 12 files changed, 25 insertions(+), 20 deletions(-) delete mode 100644 app/controllers/account_settings_controller.rb (limited to 'app') diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb index ee7cca4..42e8983 100644 --- a/app/controllers/account_controller.rb +++ b/app/controllers/account_controller.rb @@ -3,6 +3,8 @@ class AccountController < ApplicationController before_filter :require_registration_allowed before_filter :redirect_if_logged_in + respond_to :html + def new @user = User.new end diff --git a/app/controllers/account_settings_controller.rb b/app/controllers/account_settings_controller.rb deleted file mode 100644 index e69de29..0000000 diff --git a/app/controllers/api/identities_controller.rb b/app/controllers/api/identities_controller.rb index ab2ac00..de4910a 100644 --- a/app/controllers/api/identities_controller.rb +++ b/app/controllers/api/identities_controller.rb 
@@ -3,6 +3,8 @@ module Api before_filter :token_authenticate before_filter :require_monitor + respond_to :json + def show @identity = Identity.find_by_address(params[:id]) if @identity diff --git a/app/controllers/api/services_controller.rb b/app/controllers/api/services_controller.rb index da2774b..58e129c 100644 --- a/app/controllers/api/services_controller.rb +++ b/app/controllers/api/services_controller.rb @@ -2,6 +2,8 @@ class Api::ServicesController < ApiController before_filter :require_login, :unless => :anonymous_access_allowed? + respond_to :json + def show respond_with current_user.effective_service_level end diff --git a/app/controllers/api/sessions_controller.rb b/app/controllers/api/sessions_controller.rb index c8deb7a..178f86e 100644 --- a/app/controllers/api/sessions_controller.rb +++ b/app/controllers/api/sessions_controller.rb @@ -2,6 +2,7 @@ module Api class SessionsController < ApiController before_filter :require_login, only: :destroy + respond_to :json def new @session = Session.new diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb index 70b3cac..95c8f57 100644 --- a/app/controllers/api_controller.rb +++ b/app/controllers/api_controller.rb @@ -1,7 +1,6 @@ class ApiController < ApplicationController skip_before_filter :verify_authenticity_token - respond_to :json protected diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 61ced21..8d08a2c 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb 
@@ -1,33 +1,25 @@ class ApplicationController < ActionController::Base protect_from_forgery - before_action :check_mime_types before_filter :set_locale before_filter :no_cache_header before_filter :no_frame_header before_filter :language_header + + # UPGRADE: this won't be needed in Rails 5 anymore as it's the default + # behavior if a template is present but a different format would be + # rendered and that template is not present + before_filter :verify_request_format!, if: :mime_types_specified + rescue_from StandardError, :with => :default_error_handler rescue_from CouchRest::Exception, :with => :default_error_handler ActiveSupport.run_load_hooks(:application_controller, self) - # by default we only respond to html. - # If you want to respond with json you are probably working on - # an ApiController. - respond_to :html - protected - # UPGRADE: this won't be needed in Rails 5 anymore as it's the default - # behavior if a template is present but a different format would be - # rendered and that template is not present - def check_mime_types - mimes = collect_mimes_from_class_level() - return if mimes.empty? - - collector = ActionController::MimeResponds::Collector.new(mimes, request.variant) - unless collector.negotiate_format(request) - raise ActionController::UnknownFormat - end + def mime_types_specified + mimes = collect_mimes_from_class_level + mimes.present? end def default_error_handler(exc) diff --git a/app/controllers/errors_controller.rb b/app/controllers/errors_controller.rb index d869ab5..80c270f 100644 --- a/app/controllers/errors_controller.rb +++ b/app/controllers/errors_controller.rb @@ -1,5 +1,7 @@ # We render http errors ourselves so we can customize them class ErrorsController < ApplicationController + respond_to :html + # 404 def not_found render status: 404 diff --git a/app/controllers/home_controller.rb b/app/controllers/home_controller.rb index 1d62178..86c36e9 100644 --- a/app/controllers/home_controller.rb 
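Review bot: With `if: :mime_types_specified`, the format check fails open: any controller that never calls `respond_to` skips `verify_request_format!` entirely. The same commit removes the `respond_to :html` default here and `respond_to :json` from ApiController, so a controller it does not touch, or one added later, silently loses the check. Whether such controllers exist is not visible on this page. A test that walks the application's controllers and fails when one declares no formats would catch this, as would a comment beside the filter such as `# every controller must call respond_to, otherwise no format check runs`. The helper is a predicate and reads better as `def mime_types_specified?` with the single-line body `collect_mimes_from_class_level.present?`.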
+++ b/app/controllers/home_controller.rb @@ -1,6 +1,8 @@ class HomeController < ApplicationController layout 'home' + respond_to :html + def index if logged_in? redirect_to current_user diff --git a/app/controllers/pages_controller.rb b/app/controllers/pages_controller.rb index e0f39e3..b9c601a 100644 --- a/app/controllers/pages_controller.rb +++ b/app/controllers/pages_controller.rb @@ -2,7 +2,9 @@ # Render static pages # + class PagesController < ApplicationController + respond_to :html def show @show_navigation = false diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 34d4f53..18e5216 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -1,6 +1,7 @@ class SessionsController < ApplicationController before_filter :redirect_if_logged_in, :only => [:new] + respond_to :html, :json def new @session = Session.new @@ -16,7 +17,7 @@ class SessionsController < ApplicationController end # - # Warden will catch all 401s and run this instead: + # Warden will catch all 401s and triggers this action: # def unauthenticated login_required diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 4d198b9..0a0f551 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -7,7 +7,7 @@ class UsersController < ApplicationController before_filter :require_login before_filter :require_admin, :only => [:index, :deactivate, :enable] - before_filter :fetch_user, :only => [:show, :edit, :destroy, :deactivate, :enable] + before_filter :fetch_user, :except => [:index] respond_to :html -- cgit v1.2.3
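Review bot: `respond_to :html, :json` in SessionsController opens every action of this non-API controller to JSON negotiation, and nothing in the hunk says why JSON is needed here. If it exists only for the `unauthenticated` action that Warden triggers (an assumption based on the comment in the next hunk), a one-line comment above the declaration naming that action would stop someone "tidying" it back to `:html`. It would also make clear that the other actions are not meant as a JSON login surface. The class body continues outside the hunk.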
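Review bot: Replacing the `:only` list on `before_filter :fetch_user` with `:except => [:index]` turns an allowlist into a denylist, so `fetch_user` now also runs for every other action in UsersController and for any action added later. The commit message does not mention this change, which is unrelated to the respond_to rework. Which actions are newly covered, and whether any of them is called without a user id, is not visible in the hunk. If the goal was to cover one more action, naming it explicitly keeps the scope reviewable, e.g. `:only => [:show, :edit, :update, :destroy, :deactivate, :enable]` (assuming `update` is the action meant). Otherwise a comment stating why everything but `index` needs a fetched user would do.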