Issue #1622: add methods PublicError, PublicErrorScreen and PublicFat…

…alError These methode do not print the last error and the last stacktrace. Consistently use the new methods in the public interface
RotherOSS · Feb 18, 2022 · df98c90 · df98c90
1 parent 68f74fc
commit df98c90
Show file tree

Hide file tree

Showing 4 changed files with 89 additions and 12 deletions.
diff --git a/Kernel/Modules/PublicCalendar.pm b/Kernel/Modules/PublicCalendar.pm
@@ -46,7 +46,7 @@ sub Run {
     for my $Needed (qw(CalendarID User Token)) {
         $GetParam{$Needed} = $ParamObject->GetParam( Param => $Needed );
         if ( !$GetParam{$Needed} ) {
-            return $LayoutObject->CustomerErrorScreen(
+            return $LayoutObject->PublicErrorScreen(
                 Message => $LayoutObject->{LanguageObject}->Translate( 'No %s!', $Needed ),
                 Comment => Translatable('Please contact the administrator.'),
             );
@@ -59,7 +59,7 @@ sub Run {
         Valid => 1,
     );
     if ( !%User ) {
-        return $LayoutObject->ErrorScreen(
+        return $LayoutObject->PublicErrorScreen(
             Message => Translatable('No such user!'),
             Comment => Translatable('Please contact the administrator.'),
         );
@@ -74,14 +74,14 @@ sub Run {
     );
 
     if ( !%Calendar ) {
-        return $LayoutObject->ErrorScreen(
+        return $LayoutObject->PublicErrorScreen(
             Message => Translatable('No permission!'),
             Comment => Translatable('Please contact the administrator.'),
         );
     }
 
     if ( $Calendar{ValidID} != 1 ) {
-        return $LayoutObject->ErrorScreen(
+        return $LayoutObject->PublicErrorScreen(
             Message => Translatable('Invalid calendar!'),
             Comment => Translatable('Please contact the administrator.'),
         );
@@ -94,7 +94,7 @@ sub Run {
     );
 
     if ( $AccessToken ne $GetParam{Token} ) {
-        return $LayoutObject->ErrorScreen(
+        return $LayoutObject->PublicErrorScreen(
             Message => Translatable('Invalid URL!'),
             Comment => Translatable('Please contact the administrator.'),
         );
@@ -107,7 +107,7 @@ sub Run {
     );
 
     if ( !$ICalString ) {
-        return $LayoutObject->ErrorScreen(
+        return $LayoutObject->PublicErrorScreen(
             Message => Translatable('There was an error exporting the calendar!'),
             Comment => Translatable('Please contact the administrator.'),
         );

diff --git a/Kernel/Modules/PublicRepository.pm b/Kernel/Modules/PublicRepository.pm
@@ -42,15 +42,15 @@ sub Run {
     my $LayoutObject        = $Kernel::OM->Get('Kernel::Output::HTML::Layout');
 
     if ( !$AccessControlRexExp ) {
-        return $LayoutObject->CustomerErrorScreen(
+        return $LayoutObject->PublicErrorScreen(
             Message => Translatable('Need config Package::RepositoryAccessRegExp'),
         );
     }
     else {
         my $ParamObject = $Kernel::OM->Get('Kernel::System::Web::Request');
         my $RemoteAddr  = $ParamObject->RemoteAddr() || '';
         if ( $RemoteAddr !~ /^$AccessControlRexExp$/ ) {
-            return $LayoutObject->CustomerErrorScreen(
+            return $LayoutObject->PublicErrorScreen(
                 Message =>
                     $LayoutObject->{LanguageObject}->Translate( 'Authentication failed from %s!', $RemoteAddr ),
             );

diff --git a/Kernel/Output/HTML/Layout.pm b/Kernel/Output/HTML/Layout.pm
@@ -4978,6 +4978,72 @@ sub CustomerNoPermission {
     return $Output;
 }
 
+# similar to CustomerError() but neither the last log message nor the backtrace is printed
+sub PublicError {
+    my ( $Self, %Param ) = @_;
+
+    # create & return output, using the same layout as in the customer interface
+    return $Self->Output(
+        TemplateFile => 'CustomerError',
+        Data         => \%Param
+    );
+}
+
+# using PublicError() internally
+sub PublicFatalError {
+    my ( $Self, %Param ) = @_;
+
+    # Prevent endless recursion in case of problems with Template engine.
+    return if $Self->{InFatalError}++;
+
+    if ( $Param{Message} ) {
+        $Kernel::OM->Get('Kernel::System::Log')->Log(
+            Caller   => 1,
+            Priority => 'error',
+            Message  => $Param{Message},
+        );
+    }
+
+    my $Output = join '',
+        $Self->CustomerHeader(
+            Area  => 'Frontend',
+            Title => 'Fatal Error'
+        ),
+        $Self->PublicError(%Param), # without last error message and without last traceback
+        $Self->CustomerFooter();
+
+    # Modify the output by applying the output filters.
+    $Output = $Self->ApplyOutputFilters( Output => $Output );
+
+    # The Content-Length will be set later in the middleware Plack::Middleware::ContentLength. This requires that
+    # there are no multi-byte characters in the delivered content. This is because the middleware
+    # uses core::length() for determining the content length.
+    $Kernel::OM->Get('Kernel::System::Encode')->EncodeOutput( \$Output );
+
+    # The OTOBO response object already has the HTPP headers.
+    # Enhance it with the HTTP status code and the content.
+    my $PlackResponse = Plack::Response->new(
+        200,
+        $Kernel::OM->Get('Kernel::System::Web::Response')->Headers(),
+        $Output
+    );
+
+    # The exception is caught be Plack::Middleware::HTTPExceptions
+    die Kernel::System::Web::Exception->new(
+        PlackResponse => $PlackResponse
+    );
+}
+
+# using PublicError() internally
+sub PublicErrorScreen {
+    my ( $Self, %Param ) = @_;
+
+    return join '',
+        $Self->CustomerHeader( Title => 'Error' ),
+        $Self->PublicError(%Param),
+        $Self->CustomerFooter();
+}
+
 =head2 Ascii2RichText()
 
 converts text to rich text

diff --git a/Kernel/System/Web/InterfacePublic.pm b/Kernel/System/Web/InterfacePublic.pm
@@ -207,21 +207,29 @@ sub Content {
     my $LayoutObject = $Kernel::OM->Get('Kernel::Output::HTML::Layout');
 
     if ( !$DBCanConnect ) {
-        $LayoutObject->CustomerFatalError(
+
+        # Show error without showing neither the last logmessage not the last traceback.
+        $LayoutObject->PublicFatalError(
+            Message => Translatable('Could not connect to the database.'),
             Comment => Translatable('Please contact the administrator.'),
         );    # throws a Kernel::System::Web::Exception
     }
 
     if ( $ParamObject->Error() ) {
-        $LayoutObject->CustomerFatalError(
+
+        # Show error without showing neither the last logmessage not the last traceback.
+        $LayoutObject->PublicFatalError(
             Message => $ParamObject->Error(),
             Comment => Translatable('Please contact the administrator.'),
         );    # throws a Kernel::System::Web::Exception
     }
 
     # run modules if a version value exists
     if ( !$Kernel::OM->Get('Kernel::System::Main')->Require("Kernel::Modules::$Param{Action}") ) {
-        $LayoutObject->CustomerFatalError(
+
+        # Show error without showing neither the last logmessage not the last traceback.
+        $LayoutObject->PublicFatalError(
+            Message => sprintf( Translatable(q{The action '%s' is not available.}), $Param{Action} ),
             Comment => Translatable('Please contact the administrator.'),
         );    # throws a Kernel::System::Web::Exception
     }
@@ -234,7 +242,10 @@ sub Content {
             Message  =>
                 "Module Kernel::Modules::$Param{Action} not registered in Kernel/Config.pm!",
         );
-        $LayoutObject->CustomerFatalError(
+
+        # Show error without showing neither the last logmessage not the last traceback.
+        $LayoutObject->PublicFatalError(
+            Message => sprintf( Translatable(q{The action '%s' is not allowed.}), $Param{Action} ),
             Comment => Translatable('Please contact the administrator.'),
         );    # throws a Kernel::System::Web::Exception
     }