Conversation
|
Typically not a fan of comments, but I think the places where we are rescuing here may benefit from a comment explaining the error case it is protecting against since it isn't immediately clear. |
There was a problem hiding this comment.
I don't think this is the correct diagnosis of this error. I think we have an incident in production. I see a bunch of legitimate USAJOBS users running into this. Take a look at the Exception Notification logs in our Google group.
There was a problem hiding this comment.
Yes. I see it. I'll remove this one. I'm surprised it took 4 days to notice.
There was a problem hiding this comment.
Are you sure raising an encryption error doesn't actually fix the problem?
There was a problem hiding this comment.
We should probably be guarding against nil in .verify instead.
E.g.
def verify(digest, password)
return false if password.empty?
# ...
endThere was a problem hiding this comment.
Sounds reasonable.
There was a problem hiding this comment.
I think I'll leave the TypeError rescue in as well.
|
Looks like CodeClimate is made about line length. You may end up needing to move some of the verification logic into a private function somewhere. |
stevegsa
force-pushed
the
stevegsa-fix-misc-500-errors
branch
from
7536b19 to
9bbdd23
Compare
Why: We should properly capture error conditions in our code How: Rescue known error conditions and translate them into actionable errors and return an appropriate http status code
stevegsa
force-pushed
the
stevegsa-fix-misc-500-errors
branch
from
cd1a66a to
5962901
Compare
3 participants
Why: We should properly capture error conditions in our code
How: Rescue known error conditions and translate them into actionable errors and return an appropriate http status code
Hi! Before submitting your PR for review, and/or before merging it, please
go through the following checklist:
For DB changes, check for missing indexes, check to see if the changes
affect other apps (such as the dashboard), make sure the DB columns in the
various environments are properly populated, coordinate with devops, plan
migrations in separate steps.
For route changes, make sure GET requests don't change state or result in
destructive behavior. GET requests should only result in information being
read, not written.
For encryption changes, make sure it is compatible with data that was
encrypted with the old code.
For secrets changes, make sure to update the S3 secrets bucket with the
new configs in all environments.
Do not disable Rubocop or Reek offenses unless you are absolutely sure
they are false positives. If you're not sure how to fix the offense, please
ask a teammate.
When reading data, write tests for nil values, empty strings,
and invalid formats.
When calling
redirect_toin a controller, use_url, not_path.When adding user data to the session, use the
user_sessionhelperinstead of the
sessionhelper so the data does not persist beyond the user'ssession.
When adding a new controller that requires the user to be fully
authenticated, make sure to add
before_action :confirm_two_factor_authenticated.