Handle bad URIs gracefully

Fixes #1110
sul-dlss · Jan 22, 2024 · 21828fa · 21828fa
1 parent a3346d8
commit 21828fa
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 2 deletions.
diff --git a/app/controllers/iiif/auth/v2/probe_service_controller.rb b/app/controllers/iiif/auth/v2/probe_service_controller.rb
@@ -81,6 +81,8 @@ def parse_uri(uri)
             raise ActionDispatch::Http::Parameters::ParseError
           end
           druid, file_name = URI.decode_uri_component(obj.path.delete_prefix('/file/')).split('/', 2)
+          raise ActionDispatch::Http::Parameters::ParseError, "Provided ID is not local" unless druid
+
           { druid: druid.delete_prefix('druid:'), file_name: }
         end
       end

diff --git a/spec/requests/iiif/auth/v2/probe_service_spec.rb b/spec/requests/iiif/auth/v2/probe_service_spec.rb
@@ -42,11 +42,11 @@
     end
   end
 
-  context "when the passed in uri isn't formatted correctly" do
+  context "when the druid in the passed in uri isn't formatted correctly" do
     let(:id) { '111' }
 
     before do
-      get "/iiif/auth/v2/probe?id=#{stacks_uri}"
+      get "/iiif/auth/v2/probe?id=#{stacks_uri_param}"
     end
 
     it 'returns a success response' do
@@ -58,6 +58,18 @@
     end
   end
 
+  context "when the passed in uri isn't a stacks resource" do
+    let(:stacks_uri) { "https://example.com" }
+
+    before do
+      get "/iiif/auth/v2/probe?id=#{stacks_uri_param}"
+    end
+
+    it 'is a bad_request' do
+      expect(response).to have_http_status :bad_request
+    end
+  end
+
   context 'when the user has access to the resource because it is world accessible' do
     let(:public_json) do
       {