mirror of
https://github.com/we-promise/sure.git
synced 2026-04-23 22:14:08 +00:00
7f17fbf6da
* fix(security): sanitize exception messages in API responses (FIX-11)
Replace raw e.message/error.message interpolations in response bodies
with generic error strings, and log class+message server-side. Prevents
leaking internal exception details (stack traces, SQL fragments, record
data) to API clients.
Covers:
- API v1 accounts, categories (index/show), holdings, sync, trades,
transactions (index/show/create/update/destroy), valuations
(show/create/update): replace "Error: #{e.message}" with
"An unexpected error occurred".
- API v1 auth: device-registration rescue paths now log
"[Auth] Device registration failed: ..." and respond with
"Failed to register device".
- WebhooksController#plaid and #plaid_eu: log full error and respond
with "Invalid webhook".
- Settings::ProvidersController: generic user-facing flash alert,
detailed log line with error class + message.
Updates providers_controller_test assertion to match sanitized flash.
* fix(security): address CodeRabbit review
Major — partial-commit on device registration failure:
- Strengthened valid_device_info? to also run MobileDevice's model
validations up-front (device_type inclusion, attribute presence), not
just a flat "are the keys present?" check. A client that sends a bad
device_type ("windows", etc.) is now rejected at the API boundary
BEFORE signup commits any user/family/invite state.
- Wrapped the signup path (user.save + InviteCode.claim + MobileDevice
upsert + token issuance) in ActiveRecord::Base.transaction. A
post-save RecordInvalid from device registration (e.g., racing
uniqueness on device_id) now rolls back the user/invite/family so
clients don't see a partial-account state.
- Rescue branch logs the exception class + message ("#{e.class} - #{e.message}")
for better postmortem debugging, matching the providers controller
pattern.
Nit:
- Tightened providers_controller_test log expectation regex to assert on
both the exception class name AND the message ("StandardError - Database
error"), so a regression that drops either still fails the test.
Tests:
- New: "should reject signup with invalid device_type before committing
any state" — POST /api/v1/auth/signup with device_type="windows"
returns 400 AND asserts no User, MobileDevice, or Doorkeeper::AccessToken
row was created.
Note on SSO path (sso_exchange → issue_mobile_tokens, lines 173/225): the
device_info in those flows comes from Rails.cache (populated by an earlier
request that already passed valid_device_info?), so the pre-validation
covers it indirectly. Wrapping the full SSO account creation (user +
invitation + OidcIdentity + issue_mobile_tokens) in one transaction would
be a meaningful architectural cleanup but is out of scope for this
error-hygiene PR — filed it as a mental note for a follow-up.
150 lines
6.1 KiB
Ruby
150 lines
6.1 KiB
Ruby
class Settings::ProvidersController < ApplicationController
|
|
layout "settings"
|
|
|
|
before_action :ensure_admin, only: [ :show, :update ]
|
|
|
|
def show
|
|
@breadcrumbs = [
|
|
[ "Home", root_path ],
|
|
[ "Bank Sync Providers", nil ]
|
|
]
|
|
|
|
prepare_show_context
|
|
rescue ActiveRecord::Encryption::Errors::Configuration => e
|
|
Rails.logger.error("Active Record Encryption not configured: #{e.message}")
|
|
@encryption_error = true
|
|
end
|
|
|
|
def update
|
|
# Build index of valid configurable fields with their metadata
|
|
Provider::Factory.ensure_adapters_loaded
|
|
valid_fields = {}
|
|
Provider::ConfigurationRegistry.all.each do |config|
|
|
config.fields.each do |field|
|
|
valid_fields[field.setting_key.to_s] = field
|
|
end
|
|
end
|
|
|
|
updated_fields = []
|
|
|
|
# Perform all updates within a transaction for consistency
|
|
Setting.transaction do
|
|
provider_params.each do |param_key, param_value|
|
|
# Only process keys that exist in the configuration registry
|
|
field = valid_fields[param_key.to_s]
|
|
next unless field
|
|
|
|
# Clean the value and convert blank/empty strings to nil
|
|
value = param_value.to_s.strip
|
|
value = nil if value.empty?
|
|
|
|
# For secret fields only, skip placeholder values to prevent accidental overwrite
|
|
if field.secret && value == "********"
|
|
next
|
|
end
|
|
|
|
key_str = field.setting_key.to_s
|
|
|
|
# Check if the setting is a declared field in setting.rb
|
|
# Use method_defined? to check if the setter actually exists on the singleton class,
|
|
# not just respond_to? which returns true for dynamic fields due to respond_to_missing?
|
|
if Setting.singleton_class.method_defined?("#{key_str}=")
|
|
# If it's a declared field (e.g., openai_model), set it directly.
|
|
# This is safe and uses the proper setter.
|
|
Setting.public_send("#{key_str}=", value)
|
|
else
|
|
# If it's a dynamic field, set it as an individual entry
|
|
# Each field is stored independently, preventing race conditions
|
|
Setting[key_str] = value
|
|
end
|
|
|
|
updated_fields << param_key
|
|
end
|
|
end
|
|
|
|
if updated_fields.any?
|
|
# Reload provider configurations if needed
|
|
reload_provider_configs(updated_fields)
|
|
|
|
redirect_to settings_providers_path, notice: "Provider settings updated successfully"
|
|
else
|
|
redirect_to settings_providers_path, notice: "No changes were made"
|
|
end
|
|
rescue => error
|
|
Rails.logger.error("Failed to update provider settings: #{error.class} - #{error.message}")
|
|
flash.now[:alert] = "Failed to update provider settings. Please try again."
|
|
prepare_show_context
|
|
render :show, status: :unprocessable_entity
|
|
end
|
|
|
|
private
|
|
def provider_params
|
|
# Dynamically permit all provider configuration fields
|
|
Provider::Factory.ensure_adapters_loaded
|
|
permitted_fields = []
|
|
|
|
Provider::ConfigurationRegistry.all.each do |config|
|
|
config.fields.each do |field|
|
|
permitted_fields << field.setting_key
|
|
end
|
|
end
|
|
|
|
params.require(:setting).permit(*permitted_fields)
|
|
end
|
|
|
|
def ensure_admin
|
|
redirect_to settings_providers_path, alert: "Not authorized" unless Current.user.admin?
|
|
end
|
|
|
|
# Reload provider configurations after settings update
|
|
def reload_provider_configs(updated_fields)
|
|
# Build a set of provider keys that had fields updated
|
|
updated_provider_keys = Set.new
|
|
|
|
# Look up the provider key directly from the configuration registry
|
|
updated_fields.each do |field_key|
|
|
Provider::ConfigurationRegistry.all.each do |config|
|
|
field = config.fields.find { |f| f.setting_key.to_s == field_key.to_s }
|
|
if field
|
|
updated_provider_keys.add(field.provider_key)
|
|
break
|
|
end
|
|
end
|
|
end
|
|
|
|
# Reload configuration for each updated provider
|
|
updated_provider_keys.each do |provider_key|
|
|
adapter_class = Provider::ConfigurationRegistry.get_adapter_class(provider_key)
|
|
adapter_class&.reload_configuration
|
|
end
|
|
end
|
|
|
|
# Prepares instance vars needed by the show view and partials
|
|
def prepare_show_context
|
|
# Load all provider configurations (exclude SimpleFin and Lunchflow, which have their own family-specific panels below)
|
|
Provider::Factory.ensure_adapters_loaded
|
|
@provider_configurations = Provider::ConfigurationRegistry.all.reject do |config|
|
|
config.provider_key.to_s.casecmp("simplefin").zero? || config.provider_key.to_s.casecmp("lunchflow").zero? || \
|
|
config.provider_key.to_s.casecmp("enable_banking").zero? || \
|
|
config.provider_key.to_s.casecmp("sophtron").zero? || \
|
|
config.provider_key.to_s.casecmp("coinstats").zero? || \
|
|
config.provider_key.to_s.casecmp("mercury").zero? || \
|
|
config.provider_key.to_s.casecmp("coinbase").zero? || \
|
|
config.provider_key.to_s.casecmp("snaptrade").zero? || \
|
|
config.provider_key.to_s.casecmp("indexa_capital").zero?
|
|
end
|
|
|
|
# Providers page only needs to know whether any SimpleFin/Lunchflow connections exist with valid credentials
|
|
@simplefin_items = Current.family.simplefin_items.where.not(access_url: [ nil, "" ]).ordered.select(:id)
|
|
@lunchflow_items = Current.family.lunchflow_items.where.not(api_key: [ nil, "" ]).ordered.select(:id)
|
|
@enable_banking_items = Current.family.enable_banking_items.ordered # Enable Banking panel needs session info for status display
|
|
# Providers page only needs to know whether any Sophtron connections exist with valid credentials
|
|
@sophtron_items = Current.family.sophtron_items.where.not(user_id: [ nil, "" ], access_key: [ nil, "" ]).ordered.select(:id)
|
|
@coinstats_items = Current.family.coinstats_items.ordered # CoinStats panel needs account info for status display
|
|
@mercury_items = Current.family.mercury_items.ordered.select(:id)
|
|
@coinbase_items = Current.family.coinbase_items.ordered # Coinbase panel needs name and sync info for status display
|
|
@snaptrade_items = Current.family.snaptrade_items.includes(:snaptrade_accounts).ordered
|
|
@indexa_capital_items = Current.family.indexa_capital_items.ordered.select(:id)
|
|
end
|
|
end
|