1680: add generic error message to avoid leaking potential sensitive information

Author: kkoehn

app/services/task_service/push_external.rb

@@ -10,21 +10,25 @@ def initialize(zip:, account_link:)
 
     def execute
       response = self.class.connection.post(@account_link.push_url) {|request| request_parameters(request, @zip.string) }
-      return nil if response.success?
-      return I18n.t('tasks.export_external_confirm.not_authorized', account_link: @account_link.name) if response.status == 401
-
-      handle_error(message: response.body)
+      handle_response(response)
     rescue Faraday::ServerError => e
       handle_error(error: e, message: I18n.t('tasks.export_external_confirm.server_error', account_link: @account_link.name))
     rescue StandardError => e
-      handle_error(error: e)
+      handle_error(error: e, message: I18n.t('tasks.export_external_confirm.generic_error'))
     end
 
     private
 
-    def handle_error(message: nil, error: nil)
+    def handle_response(response)
+      return nil if response.success?
+      return I18n.t('tasks.export_external_confirm.not_authorized', account_link: @account_link.name) if response.status == 401
+
+      handle_error(message: response.body)
+    end
+
+    def handle_error(message:, error: nil)
       Sentry.capture_exception(error) if error.present?
-      ERB::Util.html_escape(message || error.to_s)
+      ERB::Util.html_escape(message)
     end
 
     def request_parameters(request, body)

config/locales/de/controllers/tasks.yml

@@ -8,6 +8,7 @@ de:
       error_alert: Die Aufgabe konnte nicht dupliziert werden.
     export_external_confirm:
       error: 'Der Export der Aufgabe (%{title}) ist fehlgeschlagen. <br><br> Fehler: %{error}'
+      generic_error: Ein unbekannter Fehler ist beim exportieren der Aufgabe aufgetreten.
       not_authorized: Die Autorisierung mit "%{account_link}" konnte nicht hergestellt werden. Ist der API-Schlüssel korrekt?
       server_error: Verbindung zu %{account_link} fehlgeschlagen. Gegenseite nicht erreichbar.
       success: Aufgabe (%{title}) erfolgreich exportiert.

config/locales/en/controllers/tasks.yml

@@ -8,6 +8,7 @@ en:
       error_alert: Task could not be duplicated
     export_external_confirm:
       error: 'Export of task (%{title}) failed. <br><br> Error: %{error}'
+      generic_error: An unknown error has occurred while exporting the task.
       not_authorized: Authorization with could not be established with "%{account_link}". Is the API Key correct?
       server_error: Connection to %{account_link} failed. Remote host unreachable.
       success: Task (%{title}) successfully exported.

spec/services/task_service/push_external_spec.rb

@@ -72,28 +72,22 @@
         let(:error) { Faraday::ServerError }
 
         before do
-          allow(Faraday).to receive(:new).and_return(connection)
+          allow(TaskService).to receive(:connection).and_return(connection)
           allow(connection).to receive(:post).and_raise(error)
         end
 
         it { is_expected.to eql I18n.t('tasks.export_external_confirm.server_error', account_link: account_link.name) }
-
-        context 'when another error occurs' do
-          let(:error) { 'another error' }
-
-          it { is_expected.to eql 'another error' }
-        end
       end
     end
 
     context 'when an error occurs' do
+      let(:error) { StandardError.new('Standard error occurred') }
+
       before do
-        # Un-memoize the connection to force a reconnection
-        described_class.instance_variable_set(:@connection, nil)
-        allow(Faraday).to receive(:new).and_raise(StandardError)
+        allow(TaskService).to receive(:connection).and_raise(error)
       end
 
-      it { is_expected.not_to be_nil }
+      it { is_expected.to eql I18n.t('tasks.export_external_confirm.generic_error') }
     end
   end
 end