4c391e0e-519a-40cb-8ad3-354445f4ce03

Committed 12 Aug 2025 08:47PM UTC coverage: 85.348% (-10.0%) from 95.335%

Build # 4c391e0e-519a-40cb-8ad3-354445f4ce03

Build Type

push

circleci

Committed by

web-flow

Commit Message

[#5143] Use access restriction note as Aeon ItemInfo1 if available (#5173)

With this commit, if a user visits a record with an access
restrictions note and presses the Reading Room Request
button, they will get to an Aeon form with the 'Restrictions'
field pre-filled with the restriction note.

If the record does not have an access restrictions note,
the field will be pre-filled with 'Reading Room Access Only',
as it has been previously.

Closes #5143

Run Details

5493 of 6436 relevant lines covered (85.35%)

251.82 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

93.75

/lib/orangelight/middleware/invalid_parameter_handler.rb

# frozen_string_literal: true

# If the user enters a url that has invalid parameters
# this middleware will return a 400 status
# and the load balancer will display its own error page

module Orangelight
  module Middleware
    class InvalidParameterHandler
      def initialize(app)
        @app = app
      end

      def call(env)
        validate_for!(env)
        @app.call(env)
      rescue ActionController::BadRequest => bad_request_error
        raise bad_request_error if raise_error?(bad_request_error.message)

        Rails.logger.error "Invalid parameters passed in the request: #{bad_request_error} within the environment #{@request.inspect}"
        bad_request_response(env)
      end

      private

        def bad_request_body
          'Bad Request'
        end

        def bad_request_headers(env)
          {
            'Content-Type' => "#{request_content_type(env)}; charset=#{default_charset}",
            'Content-Length' => bad_request_body.bytesize.to_s
          }
        end

        def bad_request_response(env)
          [
            bad_request_status,
            bad_request_headers(env),
            [bad_request_body]
          ]
        end

        def bad_request_status
          400
        end

        def default_charset
          ActionDispatch::Response.default_charset
        end

        def default_content_type
          'text/html'
        end

        # Check if facet fields have empty value lists
        def facet_fields_values(params)
          facet_parameter = params.fetch(:f, [])
          raise ActionController::BadRequest, "Invalid facet parameter passed: #{facet_parameter}" unless facet_parameter.is_a?(Array) || facet_parameter.is_a?(Hash)

          facet_parameter.collect do |facet_field, value_list|
            raise ActionController::BadRequest, "Facet field #{facet_field} has a scalar value #{value_list}" if value_list.is_a?(String)

            next unless value_list.nil?
            raise ActionController::BadRequest, "Facet field #{facet_field} has a nil value"
          end
        end

        # Check if params have key with leading or trailing whitespaces
        def check_for_white_spaces(params)
          params.each_key do |k|
            next unless ((k[0].match?(/\s/) || k[-1].match?(/\s/)) && (k.is_a? String)) == true
            raise ActionController::BadRequest, "Param '#{k}' contains a space"
          end
        end

        ##
        # Previously, we were rescuing only from exceptions we recognized.
        # The problem with that is that there will be exceptions we don't recognize and
        # haven't been able to diagnose (see, e.g., https://github.com/pulibrary/orangelight/issues/1455)
        # and when those happen we want to provide the user with a graceful way forward,
        # not just an error screen. Therefore, we should rescue all errors, log the problem,
        # and redirect the user somewhere helpful.
        def raise_error?(_message)
          false
        end

        def request_content_type(env)
          request = request_for(env)
          request.formats.first || default_content_type
        end

        def request_for(env)
          ActionDispatch::Request.new(env.dup)
        end

        def valid_message_patterns
          [
            /invalid %-encoding/,
            /Facet field/,
            /Invalid facet/,
            /contains a space/
          ]
        end

        def validate_for!(env)
          # calling request.params is sufficient to trigger an error
          # see https://github.com/rack/rack/issues/337#issuecomment-46453404
          params = request_for(env).params
          check_for_white_spaces(params)
          facet_fields_values(params)
        end
    end
  end
end

1	# frozen_string_literal: true
2
3	# If the user enters a url that has invalid parameters
4	# this middleware will return a 400 status
5	# and the load balancer will display its own error page
6
7	module Orangelight	1✔
8	module Middleware	1✔
9	class InvalidParameterHandler	1✔
10	def initialize(app)	1✔
11	@app = app	7✔
12	end
13
14	def call(env)	1✔
15	validate_for!(env)	292✔
16	@app.call(env)	288✔
17	rescue ActionController::BadRequest => bad_request_error
18	raise bad_request_error if raise_error?(bad_request_error.message)	4✔
19
20	Rails.logger.error "Invalid parameters passed in the request: #{bad_request_error} within the environment #{@request.inspect}"	4✔
21	bad_request_response(env)	4✔
22	end
23
24	private	1✔
25
26	def bad_request_body	1✔
27	'Bad Request'	8✔
28	end
29
30	def bad_request_headers(env)	1✔
31	{
32	'Content-Type' => "#{request_content_type(env)}; charset=#{default_charset}",	4✔
33	'Content-Length' => bad_request_body.bytesize.to_s
34	}
35	end
36
37	def bad_request_response(env)	1✔
38	[
39	bad_request_status,	4✔
40	bad_request_headers(env),
41	[bad_request_body]
42	]
43	end
44
45	def bad_request_status	1✔
46	400	4✔
47	end
48
49	def default_charset	1✔
50	ActionDispatch::Response.default_charset	4✔
51	end
52
53	def default_content_type	1✔
54	'text/html'	×
55	end
56
57	# Check if facet fields have empty value lists
58	def facet_fields_values(params)	1✔
59	facet_parameter = params.fetch(:f, [])	289✔
60	raise ActionController::BadRequest, "Invalid facet parameter passed: #{facet_parameter}" unless facet_parameter.is_a?(Array) \|\| facet_parameter.is_a?(Hash)	289✔
61
62	facet_parameter.collect do \|facet_field, value_list\|	289✔
63	raise ActionController::BadRequest, "Facet field #{facet_field} has a scalar value #{value_list}" if value_list.is_a?(String)	15✔
64
65	next unless value_list.nil?	15✔
66	raise ActionController::BadRequest, "Facet field #{facet_field} has a nil value"	1✔
67	end
68	end
69
70	# Check if params have key with leading or trailing whitespaces
71	def check_for_white_spaces(params)	1✔
72	params.each_key do \|k\|	289✔
73	next unless ((k[0].match?(/\s/) \|\| k[-1].match?(/\s/)) && (k.is_a? String)) == true	513✔
74	raise ActionController::BadRequest, "Param '#{k}' contains a space"	×
75	end
76	end
77
78	##
79	# Previously, we were rescuing only from exceptions we recognized.
80	# The problem with that is that there will be exceptions we don't recognize and
81	# haven't been able to diagnose (see, e.g., https://github.com/pulibrary/orangelight/issues/1455)
82	# and when those happen we want to provide the user with a graceful way forward,
83	# not just an error screen. Therefore, we should rescue all errors, log the problem,
84	# and redirect the user somewhere helpful.
85	def raise_error?(_message)	1✔
86	false	4✔
87	end
88
89	def request_content_type(env)	1✔
90	request = request_for(env)	4✔
91	request.formats.first \|\| default_content_type	4✔
92	end
93
94	def request_for(env)	1✔
95	ActionDispatch::Request.new(env.dup)	296✔
96	end
97
98	def valid_message_patterns	1✔
99	[	×
100	/invalid %-encoding/,
101	/Facet field/,
102	/Invalid facet/,
103	/contains a space/
104	]
105	end
106
107	def validate_for!(env)	1✔
108	# calling request.params is sufficient to trigger an error
109	# see https://github.com/rack/rack/issues/337#issuecomment-46453404
110	params = request_for(env).params	292✔
111	check_for_white_spaces(params)	289✔
112	facet_fields_values(params)	289✔
113	end
114	end
115	end
116	end

pulibrary / orangelight / 4c391e0e-519a-40cb-8ad3-354445f4ce03

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous