Rails' rescue_from

02 Oct 2013
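rescue_from is a very useful method in Rails. It lets us catch exceptions and pass them to a callback or a block. A typical use case is to handle ActiveRecord::RecordNotFound errors, as in this example:
class FooController < ActionController::Base
  # The handler is referenced by name, so it must be passed as a symbol.
  rescue_from ActiveRecord::RecordNotFound, with: :not_found

  private

  # Logs the failed lookup, then redirects to the not-found page.
  def not_found
    message = "Foo with ID #{params[:id]} not found."
    logger.error message
    # info: reaches the flash only if the controller declares
    # add_flash_types :info; otherwise pass flash: { info: message }.
    redirect_to not_found_url, info: message
  end
end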
In the example above, whenever an ActiveRecord::RecordNotFound is raised in the scope of the FooController, it will be caught and the not_found method will log the event, then redirect to the not-found page with a message to display in the browser. Since rescue_from works with a block too, we can refactor the above as follows:
class FooController < ActionController::Base
  # Same handler as before, written inline as a block.
  rescue_from ActiveRecord::RecordNotFound do |exception|
    message = "Foo with ID #{params[:id]} not found."
    logger.error message
    redirect_to not_found_url, info: message
  end
end
Another case where rescue_from comes in handy is when we use CanCan for authorization and want to handle the authorization errors. We can do so by adding the following to the application controller:
rescue_from CanCan::AccessDenied do |exception|
  redirect_to root_url, :alert => exception.message
end
As you can see, in this case we display the exception message set by CanCan. If you want to use rescue_from in a class which does not inherit from ActionController::Base, you just need to mix in ActiveSupport::Rescuable:
class Foo
  include ActiveSupport::Rescuable
end
