From 561b644b3b8289dbcfbe67bbd414d2f9568fcf08 Mon Sep 17 00:00:00 2001
From: Morgan Roderick
Date: Tue, 17 Mar 2026 20:04:28 +0100
Subject: [PATCH] fix: use find_by! to return 404 for invalid tokens - Changed find_by to find_by! in before_action set_* methods to raise ActiveRecord::RecordNotFound (which Rails converts to 404) instead of returning nil and causing NoMethodError High priority (production crash): - workshop_invitation_concerns.rb - WorkshopInvitation lookup - admin/meeting_invitations_controller.rb - MeetingInvitation lookup - admin/invitations_controller.rb - workshop invitation lookup Medium priority (potential 500 errors): - admin/meetings_controller.rb - Meeting lookup by slug - events_controller.rb - Event lookup by slug - admin/events_controller.rb - Event lookup by slug Lower priority: - invitations_controller.rb:80 - MeetingInvitation lookup in cancel_meeting - contact_preferences_controller.rb:11 - Contact lookup in update - feedback_controller.rb:22 - FeedbackRequest lookup in submit
---
 .worktrees/n1-queries-events | 1 +
 app/controllers/admin/events_controller.rb | 4 ++--
 app/controllers/admin/invitations_controller.rb | 2 +-
 .../admin/meeting_invitations_controller.rb | 2 +-
 app/controllers/admin/meetings_controller.rb | 4 ++--
 .../concerns/workshop_invitation_concerns.rb | 2 +-
 app/controllers/contact_preferences_controller.rb | 2 +-
 app/controllers/events_controller.rb | 11 ++++++-----
 app/controllers/feedback_controller.rb | 2 +-
 app/controllers/invitations_controller.rb | 2 +-
 10 files changed, 17 insertions(+), 15 deletions(-)
 create mode 160000 .worktrees/n1-queries-events
diff --git a/.worktrees/n1-queries-events b/.worktrees/n1-queries-events
new file mode 160000
index 000000000..ed6e150f9
--- /dev/null
+++ b/.worktrees/n1-queries-events
@@ -0,0 +1 @@
+Subproject commit ed6e150f9dacaae089b2f24612ccc2e96eb008d0
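Review bot: The new `.worktrees/n1-queries-events` entry (mode 160000) is a gitlink to commit ed6e150f9dacaae089b2f24612ccc2e96eb008d0, which looks like a local git worktree staged by accident rather than part of the find_by! fix. The diffstat shows no `.gitmodules` change, so a fresh clone gets a submodule entry with no URL to resolve it against, and the path records a local branch name in the repository history. I would drop it from this commit with `git rm --cached .worktrees/n1-queries-events` and add `.worktrees/` to `.gitignore` so it cannot be staged again.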
diff --git a/app/controllers/admin/events_controller.rb b/app/controllers/admin/events_controller.rb
index cee7b0302..462af3917 100644
--- a/app/controllers/admin/events_controller.rb
+++ b/app/controllers/admin/events_controller.rb
@@ -27,7 +27,7 @@ def show
 @attending_students = InvitationPresenter.decorate_collection(@original_event.attending_students)
 @attending_coaches = InvitationPresenter.decorate_collection(@original_event.attending_coaches)
- return render plain: @event.attendees_csv if request.format.csv?
+ render plain: @event.attendees_csv if request.format.csv?
 end
 def update
@@ -67,7 +67,7 @@ def attendees_emails
 private
 def set_event
- @original_event = Event.find_by(slug: params[:id])
+ @original_event = Event.find_by!(slug: params[:id])
 @event = EventPresenter.new(@original_event)
 end
diff --git a/app/controllers/admin/invitations_controller.rb b/app/controllers/admin/invitations_controller.rb
index 9f49d6040..28143b15b 100644
--- a/app/controllers/admin/invitations_controller.rb
+++ b/app/controllers/admin/invitations_controller.rb
@@ -73,7 +73,7 @@ def update_to_not_attending
 end
 def set_invitation
- @invitation = @workshop.invitations.find_by(token: invitation_id)
+ @invitation = @workshop.invitations.find_by!(token: invitation_id)
 end
 def invitation_id
diff --git a/app/controllers/admin/meeting_invitations_controller.rb b/app/controllers/admin/meeting_invitations_controller.rb
index 5e893ec07..14aba3db9 100644
--- a/app/controllers/admin/meeting_invitations_controller.rb
+++ b/app/controllers/admin/meeting_invitations_controller.rb
@@ -34,7 +34,7 @@ def create
 private
 def set_invitation
- @invitation = MeetingInvitation.find_by(token: id)
+ @invitation = MeetingInvitation.find_by!(token: id)
 end
 def id
diff --git a/app/controllers/admin/meetings_controller.rb b/app/controllers/admin/meetings_controller.rb
index 8a21c1715..1033a129c 100644
--- a/app/controllers/admin/meetings_controller.rb
+++ b/app/controllers/admin/meetings_controller.rb
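Review bot: In admin/meeting_invitations_controller.rb, `set_invitation` looks the invitation up globally with `MeetingInvitation.find_by!(token: id)`, while the sibling change in admin/invitations_controller.rb scopes the same kind of lookup through `@workshop.invitations`. If admin access here is meant to be limited to a particular meeting or chapter (the authorization code is not visible in this hunk), the unscoped lookup lets an admin who holds a token act on an invitation that belongs to a different meeting. Scoping through the parent, for example `@invitation = @meeting.invitations.find_by!(token: id)`, would make the new 404 cover that case too; this assumes a `@meeting` is loaded before the callback runs, which the hunk does not show.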
@@ -21,7 +21,7 @@ def create
 def show
 @invitations = @meeting.invitations.accepted.includes(:member).order(:created_at)
- return render plain: @meeting.attendees_csv if request.format.csv?
+ render plain: @meeting.attendees_csv if request.format.csv?
 end
 def edit; end
@@ -54,7 +54,7 @@ def invite
 private
 def set_meeting
- @meeting = Meeting.find_by(slug: slug)
+ @meeting = Meeting.find_by!(slug: slug)
 end
 def slug
diff --git a/app/controllers/concerns/workshop_invitation_concerns.rb b/app/controllers/concerns/workshop_invitation_concerns.rb
index 9a7358866..e5589d114 100644
--- a/app/controllers/concerns/workshop_invitation_concerns.rb
+++ b/app/controllers/concerns/workshop_invitation_concerns.rb
@@ -19,7 +19,7 @@ def back_with_message(message)
 end
 def set_invitation
- @invitation = WorkshopInvitation.find_by(token: token)
+ @invitation = WorkshopInvitation.find_by!(token: token)
 end
 end
 end
diff --git a/app/controllers/contact_preferences_controller.rb b/app/controllers/contact_preferences_controller.rb
index fe0b6ce79..f36896080 100644
--- a/app/controllers/contact_preferences_controller.rb
+++ b/app/controllers/contact_preferences_controller.rb
@@ -8,7 +8,7 @@ def show
 end
 def update
- contact = Contact.find_by(token: contact_preferences[:token])
+ contact = Contact.find_by!(token: contact_preferences[:token])
 contact.update(mailing_list_consent: mailing_list_consent)
 audit_contact_subscription(contact)
diff --git a/app/controllers/events_controller.rb b/app/controllers/events_controller.rb
index 1736eb6ca..e18865167 100644
--- a/app/controllers/events_controller.rb
+++ b/app/controllers/events_controller.rb
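Review bot: In contact_preferences_controller.rb `update`, `contact_preferences[:token]` reaches `find_by!` without a presence check, so a request that omits the token runs the lookup as `token IS NULL`. If any Contact row has a null token (the schema is not visible here), that row would be matched and updated without the caller presenting a token. Rejecting a blank value before the lookup closes this, e.g. `return head :not_found if contact_preferences[:token].blank?`. `cancel_meeting`'s `params[:token]` deserves the same check if it can be absent. Separately, the result of `contact.update(...)` on the next line is ignored, so `audit_contact_subscription(contact)` would still run when the update does not save; the rest of `update` is outside the hunk.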
@@ -13,16 +13,17 @@ def index
 events << Event.past.includes(:venue, :sponsors).limit(RECENT_EVENTS_DISPLAY_LIMIT)
 events = events.compact.flatten.sort_by(&:date_and_time).reverse.first(RECENT_EVENTS_DISPLAY_LIMIT)
 events_hash_grouped_by_date = events.group_by(&:date)
- @past_events = events_hash_grouped_by_date.map.inject({}) do |hash, (key, value)|
+ @past_events = events_hash_grouped_by_date.map.each_with_object({}) do |(key, value), hash|
 hash[key] = EventPresenter.decorate_collection(value)
- hash
 end
 events = [Workshop.includes(:chapter).upcoming.joins(:chapter).merge(Chapter.active)]
 events << Meeting.upcoming.all
 events << Event.upcoming.includes(:venue, :sponsors).all
 events = events.compact.flatten.sort_by(&:date_and_time).group_by(&:date)
- @events = events.map.inject({}) { |hash, (key, value)| hash[key] = EventPresenter.decorate_collection(value); hash }
+ @events = events.map.each_with_object({}) do |(key, value), hash|
+ hash[key] = EventPresenter.decorate_collection(value)
+ end
 end
 def show
@@ -34,7 +35,7 @@ def show
 return unless logged_in?
 invitation = Invitation.find_by(member: current_user, event: event, attending: true)
- return redirect_to event_invitation_path(@event, invitation) if invitation
+ redirect_to event_invitation_path(@event, invitation) if invitation
 end
 def student
@@ -74,6 +75,6 @@ def find_invitation_and_redirect_to_event(role)
 end
 def set_event
- @event = Event.find_by(slug: params[:event_id])
+ @event = Event.find_by!(slug: params[:event_id])
 end
 end
diff --git a/app/controllers/feedback_controller.rb b/app/controllers/feedback_controller.rb
index 3b2602df3..0263e207a 100644
--- a/app/controllers/feedback_controller.rb
+++ b/app/controllers/feedback_controller.rb
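Review bot: In `index`, `events_hash_grouped_by_date.map.each_with_object({})` still goes through a block-less `.map`, which only yields an Enumerator, to rebuild a hash that `group_by` has already returned. `Hash#transform_values` states the intent directly and keeps key order: `@past_events = events_hash_grouped_by_date.transform_values { |value| EventPresenter.decorate_collection(value) }`, and likewise `@events = events.transform_values { |value| EventPresenter.decorate_collection(value) }`. `index` starts above the hunk, so this assumes nothing earlier depends on the intermediate enumerator.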
@@ -19,7 +19,7 @@ def submit
 redirect_to root_path
 else
- feedback_request = FeedbackRequest.find_by(token: params[:id], submited: false)
+ feedback_request = FeedbackRequest.find_by!(token: params[:id], submited: false)
 set_coaches(feedback_request.workshop)
 @workshop = feedback_request.workshop
diff --git a/app/controllers/invitations_controller.rb b/app/controllers/invitations_controller.rb
index fb4964b26..ffb5ceaf8 100644
--- a/app/controllers/invitations_controller.rb
+++ b/app/controllers/invitations_controller.rb
@@ -77,7 +77,7 @@ def rsvp_meeting
 end
 def cancel_meeting
- @invitation = MeetingInvitation.find_by(token: params[:token])
+ @invitation = MeetingInvitation.find_by!(token: params[:token])
 @invitation.update_attribute(:attending, false)