What about the security ramifications of logging potentially sensitive
information? IDs can be sensitive, but often far less than other fields.
There are legitimate use cases for using find_by on values that you'd
prefer not to be logged or known by the end user. Making
more-informative error presentation
code the responsibility of the application would seem like a good way for
the developer to vet their own code and decide what level of logging or
return value would be appropriate.
-john
On Monday, February 9, 2015, Ryan Bigg radarliste...@gmail.com wrote:
I think that sounds reasonable. Please submit a PR.
On 9 Feb 2015, at 03:07, Иван Бишевац ivan.bise...@gmail.com
javascript:_e(%7B%7D,'cvml','ivan.bise...@gmail.com'); wrote:
User.find(1)
for no record with gives:
def test_error_message
begin
User.find(1)
rescue ActiveRecord::RecordNotFound = e
message = e.message
end
assert_equal message, Couldn't find User with 'id'=1
end
I expected same behavior wiht find_by! method but it doesn't give so
descriptive message.
For example expected behavior should be:
def test_error_message_for_find_by!
begin
User.find_by(first_name: 'foo', last_name: 'bar')
rescue ActiveRecord::RecordNotFound = e
message = e.message
end
assert_equal message, Couldn't find User with 'first_name'='foo' and
'last_name'='bar'
end
but it doesn't work like this instead e.message is just general Couldn't
find User.
My use case is that I have API and on application_controller level I
defined rescue from:
ApplicationController ActionController::Base
rescue_from ActiveRecord::RecordNotFound, with: :record_not_found
def record_not_found(exception)
render json: { errors: [exception.message] }, status: 404
end
end
But in first case clients of API could guess what's error. But on second
example couldn't .
If maintainers agree I can submit pull request to change behavior.
--
You received this message because you are subscribed to the Google Groups
Ruby on Rails: Core group.
To unsubscribe from this group and stop receiving emails from it, send an
email to rubyonrails-core+unsubscr...@googlegroups.com
javascript:_e(%7B%7D,'cvml','rubyonrails-core%2bunsubscr...@googlegroups.com');
.
To post to this group, send email to rubyonrails-core@googlegroups.com
javascript:_e(%7B%7D,'cvml','rubyonrails-core@googlegroups.com');.
Visit this group at http://groups.google.com/group/rubyonrails-core.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups
Ruby on Rails: Core group.
To unsubscribe from this group and stop receiving emails from it, send an
email to rubyonrails-core+unsubscr...@googlegroups.com
javascript:_e(%7B%7D,'cvml','rubyonrails-core%2bunsubscr...@googlegroups.com');
.
To post to this group, send email to rubyonrails-core@googlegroups.com
javascript:_e(%7B%7D,'cvml','rubyonrails-core@googlegroups.com');.
Visit this group at http://groups.google.com/group/rubyonrails-core.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups Ruby
on Rails: Core group.
To unsubscribe from this group and stop receiving emails from it, send an email
to rubyonrails-core+unsubscr...@googlegroups.com.
To post to this group, send email to rubyonrails-core@googlegroups.com.
Visit this group at http://groups.google.com/group/rubyonrails-core.
For more options, visit https://groups.google.com/d/optout.
