From 4f9b98e5b6e37e880ae410aef8a19c56172c10d5 Mon Sep 17 00:00:00 2001 From: Andrew White Date: Fri, 1 Dec 2023 16:47:07 +0000 Subject: [PATCH] Use JSON to pass error hash instead of dangerous instance_eval --- app/controllers/concerns/api/error_handler.rb | 8 ++++---- app/services/request.rb | 2 +- spec/services/request_spec.rb | 12 ++++++------ 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/app/controllers/concerns/api/error_handler.rb b/app/controllers/concerns/api/error_handler.rb index 6c070b58..4048882b 100644 --- a/app/controllers/concerns/api/error_handler.rb +++ b/app/controllers/concerns/api/error_handler.rb @@ -11,12 +11,12 @@ module ErrorHandler private def format_error(error) - error_hash = instance_eval(error.message) + error_hash = JSON.parse(error.message) - response = error_hash[:response] + response = error_hash["response"] message = response["message"] || response - status = error_hash[:status].to_s || API_ERROR.to_s - http_method = error_hash[:http_method].to_s + status = error_hash["status"].to_s || API_ERROR.to_s + http_method = error_hash["http_method"].to_s respond_to do |format| format.json do diff --git a/app/services/request.rb b/app/services/request.rb index 1f8914bf..5633f6db 100644 --- a/app/services/request.rb +++ b/app/services/request.rb @@ -57,7 +57,7 @@ def call # rubocop:disable Metrics/CyclomaticComplexity attr_reader :connection, :http_method, :params, :upload_file def errors(response, status) - {response:, status:, http_method:} + {response:, status:, http_method:}.to_json end def get_response_and_status # rubocop:disable Metrics/AbcSize, Naming/AccessorMethodName diff --git a/spec/services/request_spec.rb b/spec/services/request_spec.rb index 9e985e24..6729f695 100644 --- a/spec/services/request_spec.rb +++ b/spec/services/request_spec.rb 
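Review bot: `JSON.parse(error.message)` in `format_error` raises `JSON::ParserError` for any exception whose message is not the JSON built by `errors` in app/services/request.rb, and because this code is the error handler itself, the failure would escape as an unhandled exception instead of a formatted API error. Which exception classes are routed here is not visible in the hunk, so a guarded parse with a generic fallback is the safer default. On the rewritten `status` line the `|| API_ERROR.to_s` fallback remains unreachable, because `nil.to_s` is `""` and therefore truthy; the default has to be applied before `to_s`. The context line `message = response["message"] || response` does a substring lookup when `response` is a String, so an upstream body that contains the word "message" is reduced to that literal word. The sketch below covers all three, and `format_error` continues past the end of the hunk.

```ruby
def format_error(error)
  # Generic fallback so a non-JSON exception message is neither re-raised
  # from inside the handler nor echoed verbatim to the API client.
  error_hash = begin
    JSON.parse(error.message)
  rescue JSON::ParserError
    {"response" => "Unexpected error", "status" => API_ERROR}
  end

  response = error_hash["response"]
  # String#[] with a String argument is a substring search, so only index into a Hash.
  message = response.is_a?(Hash) ? (response["message"] || response) : response
  status = (error_hash["status"] || API_ERROR).to_s
  # … unchanged: http_method assignment and respond_to block …
```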
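Review bot: `errors` in app/services/request.rb now returns a JSON String rather than a Hash, but nothing on the method says so, and its callers sit outside this hunk. A one-line comment would record the contract, for example `# Returns a JSON string used as the exception message; format_error in api/error_handler.rb parses it back, so keys arrive as strings and http_method as a String.` The upstream `response` body is also embedded verbatim in the exception message, so it will presumably appear wherever exceptions are logged or reported. If that body can carry sensitive data, consider putting `response`, `status` and `http_method` in reader attributes on the error classes instead of serialising them into the message.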
@@ -41,7 +41,7 @@ expect do request.call end.to raise_error(described_class::BadRequestError) - .with_message("{:response=>\"Bad request\", :status=>400, :http_method=>:get}") + .with_message(%({"response":"Bad request","status":400,"http_method":"get"})) end end @@ -57,7 +57,7 @@ expect do request.call end.to raise_error(described_class::UnauthorizedError) - .with_message("{:response=>\"Unauthorized\", :status=>401, :http_method=>:get}") + .with_message(%({"response":"Unauthorized","status":401,"http_method":"get"})) end end @@ -73,7 +73,7 @@ expect do request.call end.to raise_error(described_class::ForbiddenError) - .with_message("{:response=>\"Forbidden\", :status=>403, :http_method=>:get}") + .with_message(%({"response":"Forbidden","status":403,"http_method":"get"})) end end @@ -89,7 +89,7 @@ expect do request.call end.to raise_error(described_class::RecordNotFoundError) - .with_message("{:response=>\"Record not found\", :status=>404, :http_method=>:get}") + .with_message(%({"response":"Record not found","status":404,"http_method":"get"})) end end @@ -105,7 +105,7 @@ expect do request.call end.to raise_error(described_class::ApiError) - .with_message("{:response=>\"API error\", :status=>500, :http_method=>:get}") + .with_message(%({"response":"API error","status":500,"http_method":"get"})) end end @@ -121,7 +121,7 @@ expect do request.call end.to raise_error(described_class::TimeoutError) - .with_message("{:response=>\"Timeout Error\", :status=>504, :http_method=>:get}") + .with_message(%({"response":"Timeout Error","status":504,"http_method":"get"})) end end end
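Review bot: The updated `.with_message(%({...}))` expectations in all six hunks of spec/services/request_spec.rb pin the exact serialised string, so they depend on key order and on the JSON encoder's spacing rather than on the payload. Comparing the parsed message is more robust, for example `raise_error(described_class::BadRequestError) { |e| expect(JSON.parse(e.message)).to eq("response" => "Bad request", "status" => 400, "http_method" => "get") }`. Nothing in this commit exercises the consuming side, so a spec that feeds `format_error` a non-JSON message would cover the failure path that the switch to `JSON.parse` introduces. The enclosing `it` blocks start outside each hunk.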