Merged
- use HTTPResponse.json_ok and HTTPResponse.json_error to standardize api responses across all `views.py` files
- update all tests to use the new response models
- fix: use `DateHelper` to properly serialize datetime fields in `Session` model
level09
reviewed
Jul 14, 2025
| response_data = {"message": message} | ||
| if errors: | ||
| response_data["errors"] = errors | ||
| return Response(json.dumps(response_data), status=status, content_type="application/json") |
Check warning
Code scanning / CodeQL
Information exposure through an exception Medium
Copilot Autofix
AI 8 months ago
To fix the issue, we need to ensure that sensitive information, such as stack traces, is not exposed to the client. Instead, we should log the detailed error message on the server and return a generic error message to the client. Specifically:
- Modify the `HTTPResponse.error` method in `enferno/utils/http_response.py` to accept an optional `log_message` parameter. This parameter will be used for logging detailed error information, while the `message` parameter will contain a generic error message for the client.
- Update the exception handling in `enferno/admin/views.py` to log the exception details and pass a generic error message to `HTTPResponse.error`.
Suggested changeset
2
enferno/utils/http_response.py
| @@ -21,4 +21,7 @@ | ||
| @staticmethod | ||
| def _json_error(message: str, status: int = 400, errors: Any = None) -> Response: | ||
| def _json_error(message: str, status: int = 400, errors: Any = None, log_message: str | None = None) -> Response: | ||
| """Standard JSON response for error.""" | ||
| if log_message: | ||
| # Log the detailed error message | ||
| current_app.logger.error(log_message) | ||
| response_data = {"message": message} | ||
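Review bot: the new `current_app.logger.error(log_message)` line depends on `current_app` being in scope, but the hunk shows no `from flask import current_app` in enferno/utils/http_response.py; if the module does not already import it, every error response that carries a `log_message` will fail with NameError, turning a handled 500 into an unhandled exception. Since `log_message` is a plain string, callers also have to format the traceback themselves; consider taking the exception object instead so the helper can call `current_app.logger.exception(...)` and keep the stack trace in the server log.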
| @@ -41,5 +44,5 @@ | ||
| @staticmethod | ||
| def error(message: str, status: int = 400, errors: Any = None) -> Response: | ||
| def error(message: str, status: int = 400, errors: Any = None, log_message: str | None = None) -> Response: | ||
| """Error response with custom status""" | ||
| return HTTPResponse._json_error(message, status, errors) | ||
| return HTTPResponse._json_error(message, status, errors, log_message) | ||
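Review bot: `log_message` is forwarded positionally in `return HTTPResponse._json_error(message, status, errors, log_message)`, which breaks silently if the private signature is ever reordered; pass it as `log_message=log_message`. The docstring `"""Error response with custom status"""` is not updated to say that `log_message` is logged server-side and never serialized for the client, which is the whole point of this change. Note also that `str | None` in the signature needs Python 3.10+ unless the module has `from __future__ import annotations`.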
enferno/admin/views.py
Outside changed files
| @@ -1382,3 +1382,4 @@ | ||
| except Exception as e: | ||
| return HTTPResponse.error(str(e), status=500) | ||
| current_app.logger.error("Error reordering location admin levels: %s", str(e)) | ||
| return HTTPResponse.error("An internal error occurred. Please contact support.", status=500) | ||
| return HTTPResponse.success( |
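Review bot: this hunk never uses the `log_message` parameter the changeset adds to `HTTPResponse.error`; it logs directly with `current_app.logger.error(...)` and then calls `HTTPResponse.error("An internal error occurred. Please contact support.", status=500)` without it, so the new parameter has no caller anywhere in the suggestion. Either pass `log_message=str(e)` here or drop the parameter from the first file. Separately, `logger.error("...: %s", str(e))` records only the message text; inside the `except` block, `current_app.logger.exception("Error reordering location admin levels")` records the full traceback, which is exactly what the old `str(e)` response leaked to clients and what the server log needs for triage.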
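As an added illustration (not code from the enferno project or from the autofix above), the flagged pattern and its fix side by side: a stand-in for `HTTPResponse.error` with the proposed `log_message` parameter, a constructed reorder routine whose failure message carries internal detail, and an in-memory log sink so you can check what the client receives versus what stays on the server. Flask is not used; the response is a plain `(body, status, headers)` tuple.

```python
from __future__ import annotations
import json
import logging
import traceback

class _ListHandler(logging.Handler):
    """Constructed in-memory log sink so the test can inspect what stays server-side."""
    def __init__(self) -> None:
        super().__init__()
        self.records: list[str] = []
    def emit(self, record: logging.LogRecord) -> None:
        self.records.append(self.format(record))
LOG = logging.getLogger("enferno.example")
LOG_SINK = _ListHandler()
LOG.addHandler(LOG_SINK)
JSON_HEADERS = {"Content-Type": "application/json"}

def json_error(message: str, status: int = 400, errors=None, log_message: str | None = None):
    """Stand-in for HTTPResponse.error: only message/errors are serialized for the
    client; log_message, if given, is written to the server log and nothing else."""
    if log_message:
        LOG.error(log_message)
    body = {"message": message}
    if errors:
        body["errors"] = errors
    return json.dumps(body), status, JSON_HEADERS

def _reorder(levels: list[dict]) -> None:
    """Constructed stand-in for the reorder logic; the failure text carries internal
    detail (table name, row id) that must never reach the client."""
    for level in levels:
        if level.get("order") is None:
            raise RuntimeError(f"UPDATE location_admin_level failed for id={level['id']}: order is NULL")

def reorder_leaky(levels: list[dict]):
    """'Before': the pattern CodeQL flagged, str(e) becomes the client-visible message."""
    try:
        _reorder(levels)
        return json.dumps({"message": "ok"}), 200, JSON_HEADERS
    except Exception as e:
        return json_error(str(e), status=500)

def reorder_fixed(levels: list[dict]):
    """'After': generic client message; the full traceback goes to the server log only."""
    try:
        _reorder(levels)
        return json.dumps({"message": "ok"}), 200, JSON_HEADERS
    except Exception:
        return json_error("An internal error occurred.", status=500, log_message=traceback.format_exc())
SAMPLE = [{"id": 7, "order": None}]  # constructed payload that triggers the failure
```

Running both handlers on `SAMPLE` shows the table name and row id in the leaky body but only the generic message in the fixed one, with the traceback captured in `LOG_SINK.records`.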
- Replace incorrect 'any' with proper 'Any' from typing
- Fix dict parameter types to handle None properly (dict | None)
- Add missing return type annotations (-> Response)
- Improve type hint consistency across all methods
- Fix HTTP status codes: replace 417 with proper codes (400, 409, 500)
- Add axios response interceptor to flatten {data: {items: []}} → {items: []}
- Centralize all frontend API calls through unified api service
- Update 180+ axios calls across templates and components
- Maintain backward compatibility with existing response.data patterns
…389-standardize-api-responses
Resolved conflicts:
- enferno/data_import/templates/sheets-import.html: Updated to use 'api' client consistently with API standardization
- tests/data_import/test_imports.py: Added both get_first_or_fail and load_data imports
Maintained API response standardization while incorporating main branch improvements including:
- Enhanced UI components (DropField, EventsSection, IdNumberDynamicField, ImageViewer)
- Improved sheet import utilities
- Updated package dependencies
level09
approved these changes
Aug 1, 2025
- Replace HTTPResponse.FORBIDDEN with HTTPResponse.forbidden()
- Replace HTTPResponse.NOT_FOUND with HTTPResponse.not_found()
- Fix import path for convert_empty_strings_to_none in test
- Remove unused load_data import
This completes the API response standardization in data_import module.
- Fix import path for convert_empty_strings_to_none in test_media_categories.py
- Fix import path for convert_empty_strings_to_none in test_relation_infos.py
- Fix import path for convert_empty_strings_to_none in test_roles.py
All imports now use the correct path: enferno.utils.validation_utils
This completes the import path standardization after the merge.
tarekio
approved these changes
Aug 1, 2025
tarekio
pushed a commit
that referenced
this pull request
Aug 9, 2025
Several api endpoints were returning stacktrace info. This issue was introduced in #131.
Jira Issue
Description
`json_error` and `json_ok` helper methods in `HTTPResponse` class.
Checklist
API Changes (if applicable)
Additional Notes
[Any other relevant information]