fix: use find_by! to return 404 for invalid tokens#2529
Open
mroderick wants to merge 1 commit intocodebar:masterfrom
Open
fix: use find_by! to return 404 for invalid tokens#2529mroderick wants to merge 1 commit intocodebar:masterfrom
mroderick wants to merge 1 commit intocodebar:masterfrom
Conversation
- Changed find_by to find_by! in before_action set_* methods to raise ActiveRecord::RecordNotFound (which Rails converts to 404) instead of returning nil and causing NoMethodError High priority (production crash): - workshop_invitation_concerns.rb - WorkshopInvitation lookup - admin/meeting_invitations_controller.rb - MeetingInvitation lookup - admin/invitations_controller.rb - workshop invitation lookup Medium priority (potential 500 errors): - admin/meetings_controller.rb - Meeting lookup by slug - events_controller.rb - Event lookup by slug - admin/events_controller.rb - Event lookup by slug Lower priority: - invitations_controller.rb:80 - MeetingInvitation lookup in cancel_meeting - contact_preferences_controller.rb:11 - Contact lookup in update - feedback_controller.rb:22 - FeedbackRequest lookup in submit
mroderick
force-pushed
the
fix/find-by-nil-errors-v2
branch
from
cf7bd6d to
561b644
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Converts silent
nilreturns fromfind_bytofind_by!in before_action callbacks, causing Rails to return a proper 404 response instead of a 500 error when invalid tokens are accessed.Problem
In production, users visiting
/invitations/:tokenwith invalid tokens were seeing:This happened because:
InvitationController#showuses@invitation.memberon line 5@invitationvariable was set by a before_action usingfind_by(token: ...)find_byreturnsnilwhen no record matches (instead of raising an exception).memberonnilcausesNoMethodErrorRoot Cause Analysis
The issue was identified in
app/controllers/concerns/workshop_invitation_concerns.rb:25-27:This pattern existed in 9 locations across the codebase, using
find_byinstead offind_by!for token/slug lookups in before_action callbacks.Solution
Changed
find_bytofind_by!in all 9 locations. Thefind_by!method raisesActiveRecord::RecordNotFoundwhen no record is found, which Rails automatically converts to a 404 response.Files Changed
app/controllers/concerns/workshop_invitation_concerns.rbapp/controllers/admin/meeting_invitations_controller.rbapp/controllers/admin/invitations_controller.rbapp/controllers/admin/meetings_controller.rbapp/controllers/events_controller.rbapp/controllers/admin/events_controller.rbapp/controllers/invitations_controller.rbapp/controllers/contact_preferences_controller.rbapp/controllers/feedback_controller.rbTesting
All controller tests pass. Note: Some pre-existing test failures exist in the codebase (related to 'twitter' attribute on Member model), but these are unrelated to this fix.
Impact
This is more user-friendly and follows REST conventions - an invalid token represents a resource that doesn't exist, not a server error.
Audit Notes
A broader audit of the codebase was performed to identify similar patterns. All
find_bycalls in before_action callbacks that could cause nil-related crashes have been addressed.