[webui] Enable exception_notification plugin again

openSUSE · Nov 7, 2012 · a4a3470 · a4a3470
1 parent c99209b
commit a4a3470
Show file tree

Hide file tree

Showing 9 changed files with 30 additions and 56 deletions.
diff --git a/src/webui/Gemfile b/src/webui/Gemfile
@@ -34,7 +34,7 @@ gem 'mysql2'
 gem 'nokogiri', '~>1.5.0'
 gem 'delayed_job', '>3.0'
 gem 'delayed_job_active_record'
-gem 'exception_notification', '>=2.3'
+gem 'exception_notification'
 gem 'yajl-ruby'
 gem 'rdoc'
 gem 'xmlhash', '>=1.3.2'

diff --git a/src/webui/Gemfile.lock b/src/webui/Gemfile.lock
@@ -173,7 +173,7 @@ DEPENDENCIES
   cssmin (>= 1.0.2)
   delayed_job (> 3.0)
   delayed_job_active_record
-  exception_notification (>= 2.3)
+  exception_notification
   fast_xs
   jquery-datatables-rails
   jquery-rails

diff --git a/src/webui/app/controllers/application_controller.rb b/src/webui/app/controllers/application_controller.rb
@@ -99,9 +99,9 @@ def authenticate_proxy
   end
 
   def authenticate_form_auth
-    if session[:login] and session[:passwd]
+    if session[:login] and session[:password]
       # pass credentials to transport plugin, TODO: is this thread safe?
-      ActiveXML::transport.login session[:login], session[:passwd]
+      ActiveXML::transport.login session[:login], session[:password]
     end
   end
 
@@ -155,22 +155,6 @@ def reset_activexml
     transport.delete_additional_header 'Authorization'
   end
 
-  def strip_sensitive_data_from(request)
-    # Strip HTTP_AUTHORIZATION header that contains the user's password
-    # try to get it where mod_rewrite might have put it
-    request.env["X-HTTP_AUTHORIZATION"] = "STRIPPED" if request.env.has_key? "X-HTTP_AUTHORIZATION"
-    # for Apace/mod_fastcgi with -pass-header Authorization
-    request.env["Authorization"] = "STRIPPED" if request.env.has_key? "Authorization"
-    # this is the regular location
-    request.env["HTTP_AUTHORIZATION"] = "STRIPPED" if request.env.has_key? "HTTP_AUTHORIZATION"
-    return request
-  end
-  private :strip_sensitive_data_from
-
-  def show_detailed_exceptions?
-     true
-  end
-
   def rescue_with_handler( exception )
     logger.error "rescue_action: caught #{exception.class}: #{exception.message} " # + exception.backtrace.join("\n")
     begin
@@ -192,7 +176,6 @@ def rescue_with_handler( exception )
       elsif code == "unconfirmed_user"
         render :template => "user/unconfirmed" and return
       else
-        #ExceptionNotifier.deliver_exception_notification(exception, self, strip_sensitive_data_from(request), {}) if send_exception_mail?
         if @user
           render_error :status => 403, :message => message
         else
@@ -203,7 +186,6 @@ def rescue_with_handler( exception )
       # do not try to access user
       @user = nil
       session[:login] = nil
-      #ExceptionNotifier.deliver_exception_notification(exception, self, strip_sensitive_data_from(request), {}) if send_exception_mail?
       render_error :status => 401, :message => 'Unauthorized access, please login'
     when ActionController::InvalidAuthenticityToken
       render_error :status => 401, :message => 'Invalid authenticity token'
@@ -212,7 +194,6 @@ def rescue_with_handler( exception )
     when Timeout::Error
       render :template => "timeout" and return
     when ValidationError
-      ExceptionNotifier.deliver_exception_notification(exception, self, strip_sensitive_data_from(request), {}) if send_exception_mail?
       render :template => "xml_errors", :locals => { :oldbody => exception.xml, :errors => exception.errors }, :status => 400
     when MissingParameterError 
       render_error :status => 400, :message => message
@@ -222,8 +203,8 @@ def rescue_with_handler( exception )
       # The api sometimes sends responses without a proper "Status:..." line (when it restarts?)
       render_error :message => "Unable to connect to API host. (#{CONFIG['frontend_host']})", :status => 503
     else
-      if code != 404 && send_exception_mail?
-        ExceptionNotifier.deliver_exception_notification(exception, self, strip_sensitive_data_from(request), {})
+      if code != 404 && Rails.application.config.middleware.include?("ExceptionNotifier")
+        ExceptionNotifier::Notifier.exception_notification(request.env, exception).deliver
       end
       render_error :status => 400, :code => code, :message => message,
         :exception => exception, :api_exception => api_exception
@@ -241,8 +222,8 @@ def render_error( opt={} )
     @status = opt[:status] || 400
     @code = opt[:code] || @status
     @message = opt[:message] || "No message set"
-    @exception = opt[:exception] if show_detailed_exceptions?
-    @api_exception = opt[:api_exception] if show_detailed_exceptions?
+    @exception = opt[:exception] if Rails.application.config.consider_all_requests_local
+    @api_exception = opt[:api_exception] if Rails.application.config.consider_all_requests_local
     logger.debug "ERROR: #{@code}; #{@message}"
     if @exception
       bt = @exception.backtrace.find_all {|line| line.start_with? Rails.root.to_s }.join("\n")
@@ -290,10 +271,6 @@ def find_hashed(classname, *args)
     ret.to_hash
   end
 
-  def send_exception_mail?
-    return !show_detailed_exceptions? && !Rails.env.development? && ExceptionNotifier.exception_recipients && ExceptionNotifier.exception_recipients.length > 0
-  end
-
   def instantiate_controller_and_action_names
     @current_action = action_name
     @current_controller = controller_name

diff --git a/src/webui/app/controllers/user_controller.rb b/src/webui/app/controllers/user_controller.rb
@@ -32,7 +32,7 @@ def do_login
     if params[:username] and params[:password]
       logger.debug "Doing form authorization to login user #{params[:username]}"
       session[:login] = params[:username]
-      session[:passwd] = params[:password]
+      session[:password] = params[:password]
       authenticate_form_auth
       begin
         p = Person.find( session[:login] )
@@ -115,7 +115,7 @@ def register
     end
 
     session[:login] = login
-    session[:passwd] = unreg_person_opts[:password]
+    session[:password] = unreg_person_opts[:password]
     authenticate_form_auth
 
     flash[:success] = "Your buildservice account is now active."
@@ -128,7 +128,7 @@ def register_user
   def change_password
     valid_http_methods(:post)
     # check the valid of the params  
-    if not params[:current_password] == session[:passwd]
+    if not params[:current_password] == session[:password]
       errmsg = "The value of current password does not match your current password. Please enter the password and try again."
     end
     if not params[:new_password] == params[:password_confirmation]
@@ -151,7 +151,7 @@ def change_password
 
     begin
       if changepwd.save(:create => true)
-        session[:passwd] = params[:new_password]
+        session[:password] = params[:new_password]
         flash[:success] = "Your password has been changed successfully."
         redirect_to :controller => :home, :action => :index
         return

diff --git a/src/webui/app/views/exception_notifier/_environment.html.erb b/src/webui/app/views/exception_notifier/_environment.html.erb
diff --git a/src/webui/app/views/exception_notifier/_session.text.erb b/src/webui/app/views/exception_notifier/_session.text.erb
@@ -0,0 +1,10 @@
+<% filtered_session = @request.session.to_hash -%>
+
+* session id: <%= @request.ssl? ? "[FILTERED]" : (raw (@request.session['session_id'] || @request.env["rack.session.options"][:id]).inspect.html_safe) %>
+* login: <%= raw PP.singleline_pp(filtered_session["login"], "") %>
+* token: <%= raw PP.singleline_pp(filtered_session["_csrf_token"], "") %>
+<%if false %>
+* password: <%= raw PP.singleline_pp(filtered_session["password"], "") %> %>
+<% end %>
+* password: "[FILTERED]"
+
diff --git a/src/webui/config/application.rb b/src/webui/config/application.rb
@@ -90,10 +90,8 @@ class Application < Rails::Application
 
     config.exceptions_app = self.routes
 
-    # See Rails::Configuration for more options
     config.after_initialize do
-      #ExceptionNotifier.exception_recipients = CONFIG["exception_recipients"]
-      #ExceptionNotifier.sender_address = CONFIG["exception_sender"]
+      # See Rails::Configuration for more options
     end unless Rails.env.test?
 
   end

diff --git a/src/webui/config/environment.rb b/src/webui/config/environment.rb
@@ -25,12 +25,6 @@
 
 require 'ostruct'
 
-# Exception notifier plugin configuration
-#TODO: Find replacement:
-# ExceptionNotifier.sender_address = '"OBS Webclient" <admin@opensuse.org>'
-# ExceptionNotifier.email_prefix = '[OBS WebUI Error] '
-# ExceptionNotifier.exception_recipients = CONFIG['exception_recipients']
-
 SOURCEREVISION = 'master'
 begin
   SOURCEREVISION = File.open("#{Rails.root}/REVISION").read

diff --git a/src/webui/config/environments/production.rb b/src/webui/config/environments/production.rb
@@ -62,6 +62,13 @@
   # Log the query plan for queries taking more than this (works
   # with SQLite, MySQL, and PostgreSQL)
   # config.active_record.auto_explain_threshold_in_seconds = 0.5
+
+  # Exception notifications via ExceptionNotifier
+  # config.middleware.use ExceptionNotifier, 
+  # :email_prefix => "[OBS WebUI Error] ", 
+  # :sender_address => %{"OBS Webclient" <admin@opensuse.org>}, 
+  # :exception_recipients => %w{obs-errors@opensuse.org}
+
 end
 
 # Enable the interface to change user's password, it can be one of 'on', 'off'