• Anonymous (unregistered)

    Error 500: comment not found

  • RFoxmich (unregistered)

    frist on rails again

  • Damien (unregistered)
    article:
    A 400 - Bad Request is more appropriate.

    Except request.format is presumably derived from the Accept headers, in which case 406 is more more appropriate.

  • Rasmus (unregistered)

    Error 418 is the most appropriate error code for all situations.

  • (cs)

    There's also a useful convention based around using indentation to convey the structure of your code.

    def unique
    unless request.format == 'application/json'
    head :unauthorized
    return
    end
    status = if ["user_name", "email"].include?(params[:id].to_s)
    User.exists?(params[:id] => params[:value]) ? 200 : 404
    else
    500
    end
    render :json => {}, :status => status
    end

  • Tommy (unregistered)

    The real WTF is using Ruby on Fails...errr I mean Rails.

  • faoileag (unregistered)

    [+1] for the complete absence of unnecessary embellishment in the story.

    [+1] for making the effort of explaining that Ruby on Rails code snippet.

    And another [+1] for the fact that the explanation is good enough so that someone not familiar with Ruby on Rails can understand the code and the wtfs presented in the article.

  • (cs) in reply to faoileag
    faoileag:
    [+1] for the complete absence of unnecessary embellishment in the story.

    [+1] for making the effort of explaining that Ruby on Rails code snippet.

    And another [+1] for the fact that the explanation is good enough so that someone not familiar with Ruby on Rails can understand the code and the wtfs presented in the article.

    = (+1 +1 +1) * 2 // From me

  • (cs) in reply to faoileag
    faoileag:
    [+1] for the complete absence of unnecessary embellishment in the story.

    [+1] for making the effort of explaining that Ruby on Rails code snippet.

    And another [+1] for the fact that the explanation is good enough so that someone not familiar with Ruby on Rails can understand the code and the wtfs presented in the article.

    Thirded.

  • Andy F (unregistered) in reply to Medinoc
    Medinoc:
    faoileag:
    [+1] for the complete absence of unnecessary embellishment in the story.

    [+1] for making the effort of explaining that Ruby on Rails code snippet.

    And another [+1] for the fact that the explanation is good enough so that someone not familiar with Ruby on Rails can understand the code and the wtfs presented in the article.

    Thirded.
    Quartered.

  • Andrew Beard (unregistered) in reply to Andy F
    Andy F:
    Medinoc:
    faoileag:
    [+1] for the complete absence of unnecessary embellishment in the story.

    [+1] for making the effort of explaining that Ruby on Rails code snippet.

    And another [+1] for the fact that the explanation is good enough so that someone not familiar with Ruby on Rails can understand the code and the wtfs presented in the article.

    Thirded.
    Quartered.

    BBQed.

  • (cs)

    I would have written a comment, but it seems to be in vain as the article says: "pay no attention to the comments"

  • (cs) in reply to Andy F
    Andy F:
    Medinoc:
    faoileag:
    [+1] for the complete absence of unnecessary embellishment in the story.

    [+1] for making the effort of explaining that Ruby on Rails code snippet.

    And another [+1] for the fact that the explanation is good enough so that someone not familiar with Ruby on Rails can understand the code and the wtfs presented in the article.

    Thirded.
    Quartered.
    Drawn.

  • Smug Unix User (unregistered)

    These types of articles were the reason I came to this site.

  • (cs) in reply to Rasmus
    Rasmus:
    Error 418 is the most appropriate error code for all situations.
    The first search result for "http 418" has a "Legitimate" use for 418 that could definitely appear on TheDailyWTF someday.

    http://blog.inedo.com/2010/10/12/http-418-im-a-teapot-finally-a-%e2%80%9clegitimate%e2%80%9d-use/

  • Lori (unregistered)
    HTTP 500 errors indicate a [sic] no more appropriate error code could be returned.
    If the developer only knows three error codes, this applies.
  • valetudo (unregistered)

    Wow.

    Much great.

    Such speed.

    How Ruby!

    Wow.

  • (cs) in reply to valetudo
    valetudo:
    Wow.

    Much great.

    Such speed.

    How Ruby!

    Wow.

    It is a great injustice that my comment up there ^ was initially stopped by the spam filter and yet this one got through.

  • faoileag (unregistered) in reply to Zacrath
    Zacrath:
    valetudo:
    Wow.

    Much great.

    Such speed.

    How Ruby!

    Wow.

    It is a great injustice that my comment up there ^ was initially stopped by the spam filter and yet this one got through.
    That's Akismet for you. Hoping...

  • faoileag (unregistered) in reply to faoileag
    faoileag:
    That's Akismet for you. Hoping...
    Oh, ok. Akismet allows a link to itself.
  • Tyler (unregistered)

    15 comments no defense yet? I'll give it a shot (keeping in mind I have never read Ruby or similar looking language before).

    1. Request.format != application/json return unauthorized. Makes perfect sense, if this particular module is reached by some method other than the expected interface, the user is "url hacking" and should be denied. A 400 would be more appropriate if an impossible email address/username had been provided and the script was setup to detect this.

    2. the note on :id struck me as odd for a language, quick google gives a stackoverflow msg with hammar posting that :id would correspond to user_name in the /users/unique/user_name path. Anyone want to give the doc?

    3. 404 means "not found". 404 Not Found The requested resource could not be found but may be available again in the future

    The resource was in fact found so 404 is inappropriate, 500, internal error is more appropriate when you take into account that this is supposed to be referenced only by an application. Quick google says 420/449 may be more appropriate for detail but 500 should be sufficient.

  • faoileag (unregistered) in reply to Tyler
    Tyler:
    15 comments no defense yet?
    Ah the endless discussion about what http status code is appropriate for what situation...

    Hm. We had one of those a few weeks back in '13, if I remember correctly...

  • Tyler (unregistered)

    Which topic was it under? Some days I don't follow the comments and that sounds of interest.

  • MightyM (unregistered) in reply to Zacrath
    Zacrath:
    Rasmus:
    Error 418 is the most appropriate error code for all situations.
    The first search result for "http 418" has a "Legitimate" use for 418 that could definitely appear on TheDailyWTF someday.

    http://blog.inedo.com/2010/10/12/http-418-im-a-teapot-finally-a-%e2%80%9clegitimate%e2%80%9d-use/

    Actually Stack Overflow returns a 418 on a CSRF violation: Stack Overflow returning HTTP error code 418 (I'm a teapot)?

    Ignore this line.

  • (cs) in reply to Tyler
    Tyler:
    15 comments no defense yet? I'll give it a shot (keeping in mind I have never read Ruby or similar looking language before).
    1. Request.format != application/json return unauthorized. Makes perfect sense, if this particular module is reached by some method other than the expected interface, the user is "url hacking" and should be denied. A 400 would be more appropriate if an impossible email address/username had been provided and the script was setup to detect this.

    2. the note on :id struck me as odd for a language, quick google gives a stackoverflow msg with hammar posting that :id would correspond to user_name in the /users/unique/user_name path. Anyone want to give the doc?

    3. 404 means "not found". 404 Not Found The requested resource could not be found but may be available again in the future

    The resource was in fact found so 404 is inappropriate, 500, internal error is more appropriate when you take into account that this is supposed to be referenced only by an application. Quick google says 420/449 may be more appropriate for detail but 500 should be sufficient.

    1. From the spec:
    10.4.2 401 Unauthorized

    The request requires user authentication. The response MUST include a WWW-Authenticate header field (section 14.47) containing a challenge applicable to the requested resource.

    So 401 should only be returned when the request needs to be authenticated. Not when the request has the wrong format type.

    1. The spec actually says:
    No indication is given of whether the condition is temporary or permanent.

    Also the resource being requested is info on the user. If the user doesn't exist then the resource doesn't exist. It's somewhat subjective though.

  • faoileag (unregistered) in reply to Tyler
    Tyler:
    Which topic was it under? Some days I don't follow the comments and that sounds of interest.
    SQL Injection Not Found Ummm... it's from July 2013... a few weeks? Time sure flies!
  • Cidolfas (unregistered)

    A 500 error generally means "something went wrong with the server, we have no idea what, go talk to the admin". In Rails it's generally sent by the framework, not application code.

    The main culprit with this code is the total misunderstanding of what the "ID" part of the URL is. The ID is the record you are trying to find. If you don't have a record ID, you simply do not use the ID field. This means setting up your route as a "collection" rather than "member" route, and the URLs should really look like this:

    /users/unique?username=foo
    /users/[email protected]

    and the main code should look like this:

    status = if params[:username].blank? && params[:email].blank?
        400
      else
        conditions = params[:username].present? ? 
          {:username => params[:username]} : 
          {:email => params[:email]}
        User.exists?(conditions) ? 200 : 404
      end

    I could make it more generic in case one wants to search for different keys, but this works for the simple case.

  • so wow (unregistered) in reply to valetudo

    I too thought with much great speed to make a doge style comment, but one had already appeared so does not really qualified.

    Captcha: odio Odio los errores of grammatik in keine articulo.

  • gnasher729 (unregistered) in reply to Tyler
    Tyler:
    15 comments no defense yet? I'll give it a shot (keeping in mind I have never read Ruby or similar looking language before).
    1. Request.format != application/json return unauthorized. Makes perfect sense, if this particular module is reached by some method other than the expected interface, the user is "url hacking" and should be denied. A 400 would be more appropriate if an impossible email address/username had been provided and the script was setup to detect this.

    That may make sense to you, but is blatantly wrong. 401 is for situations when authentication fails. Typically, the website wants a password and the client didn't provide one, or the website wants a password and the client provided an incorrect one. More often, it's not a password but some security token supplied in the headers. Together with the 401 error, the server needs to send a challenge that the client can respond to by providing the right authentication and making the call succeed (obviously, the server would check authentication before it checks anything else, to avoid giving a hacker information).

    Summary: 401 is for errors that can be fixed by providing authentication. If the server only handles application/json, that is not a problem that can be fixed by providing authentication, therefore a 401 is wrong.

  • Anonymous Paranoiac (unregistered)

    Yep, best TDWTF in many [unit of time]s.

  • Anon (unregistered) in reply to steenbergh
    steenbergh:
    Andy F:
    Medinoc:
    faoileag:
    [+1] for the complete absence of unnecessary embellishment in the story.

    [+1] for making the effort of explaining that Ruby on Rails code snippet.

    And another [+1] for the fact that the explanation is good enough so that someone not familiar with Ruby on Rails can understand the code and the wtfs presented in the article.

    Thirded.
    Quartered.
    Drawn.
    Hung.

  • (cs)

    WTFRuby on WryRails!

  • Valued Service (unregistered) in reply to Smug Unix User
    Smug Unix User:
    These types of articles were the reason I came to this site.

    blue comment please!!!

  • ImATeapot (unregistered) in reply to Rasmus
    Rasmus:
    Error 418 is the most appropriate error code for all situations.

    Damn you beat me to it :(

  • Anon (unregistered) in reply to MightyM
    MightyM:
    Zacrath:
    Rasmus:
    *snip*
    *snip again*
    *snip the third*

    The only legitimate use for a 418 is http://httpcats.herokuapp.com/418

    Well, I'm trying to get past the filter, but it is failing.

    I'm starting to think TRWTF is this moronic spam filter what can't tell the difference between legitimate comments and spam. I wonder how long I'll need to continue adding text to this comment before it allows me to post.

    I'm just going to start snipping quotes.

  • airdrik (unregistered) in reply to pjt33
    pjt33:
    There's also a useful convention based around using indentation to convey the structure of your code.
    def unique
        unless request.format == 'application/json'
            head :unauthorized
            return
        end
        status = if ["user_name", "email"].include?(params[:id].to_s)
                User.exists?(params[:id] => params[:value]) ? 200 : 404
            else
                500
            end
        render :json => {}, :status => status
    end

    pthh, indentation is for those losers using python. Ruby is not python and doesn't use indentation. Don't ruin a perfectly good code snippet by adding a feature only required in other languages.

    [/troll]

  • noland (unregistered) in reply to Tyler
    Tyler:
    3. 404 means "not found". 404 Not Found The requested resource could not be found but may be available again in the future

    The resource was in fact found so 404 is inappropriate, 500, internal error is more appropriate when you take into account that this is supposed to be referenced only by an application. Quick google says 420/449 may be more appropriate for detail but 500 should be sufficient.

    500: "The server encountered an internal error or misconfiguration and was unable to complete your request." Is this meant to indicate that the request was well-formed, but the script was misconfigurated to handle the request? I do not think so.

    The resource should be returning a status in the 4xx error-range! In case you want to distinguish this from the other 404-case: What about 406 "Not Acceptable"?

  • (cs) in reply to Zacrath
    Zacrath:
    Rasmus:
    Error 418 is the most appropriate error code for all situations.
    The first search result for "http 418" has a "Legitimate" use for 418 that could definitely appear on TheDailyWTF someday.

    http://blog.inedo.com/2010/10/12/http-418-im-a-teapot-finally-a-%e2%80%9clegitimate%e2%80%9d-use/

    I am disappointed that Dr Joseph Reddington's HTCPCP enabled Teapot didn't rate higher.

  • (cs) in reply to Rasmus
    Rasmus:
    Error 418 is the most appropriate error code for all situations.

    And yet the most stolen Colorado Road Mile Marker is 420. (for obvious but rather different reasons...)

    tho' one wonders whether a bunch of nerds wouldn't steal the 404 mile marker, which then, of course would be in a tautological situation!

  • Chelloveck (unregistered)

    I want to know why the article presumes the comments are incorrect. Granted, they don't tell us what the code is actually doing, but perhaps they tell us what the code is supposed to be doing. Maybe TRWTF is that the code blatantly ignores the very simple URL requirements as documented in the comments?

  • (cs) in reply to cellocgw
    cellocgw:
    Rasmus:
    Error 418 is the most appropriate error code for all situations.

    And yet the most stolen Colorado Road Mile Marker is 420. (for obvious but rather different reasons...)

    tho' one wonders whether a bunch of nerds wouldn't steal the 404 mile marker, which then, of course would be in a tautological situation!

    didn't they just change them to 419.99 mile markers?

  • (cs) in reply to Chelloveck
    Chelloveck:
    I want to know why the article presumes the comments are incorrect. Granted, they don't tell us what the code is actually doing, but perhaps they tell us what the code is *supposed* to be doing. Maybe TRWTF is that the code blatantly ignores the very simple URL requirements as documented in the comments?

    I guess it's relative. They're incorrect in documenting what the code is actually doing, regardless of what the spec is.

  • (cs) in reply to Anonymous Paranoiac
    Anonymous Paranoiac:
    Yep, best TDWTF in many [unit of time]s.

    Indeed. It made me warm and fuzzy inside. It's a glimmer of hope for this site.

  • Dilligaf (unregistered) in reply to cellocgw
    cellocgw:
    And yet the most stolen Colorado Road Mile Marker is 420. (for obvious but rather different reasons...)

    Citation? Colorado is 380 miles by 280 miles (roughly) ... it seems unlikely that there would be many roads over 400 miles long in the state.

    It does appear that I-70 would have a milepost 420.

    captcha: sino. cellocgw claims that milepost 420 is the most stolen sino in Colorado. Rocky mountain high!

  • (cs)

    I appreciated the explanation. Thank you.

    Sincerely,

    Gene Wirchenko

  • ¯\(°_o)/¯ I DUNNO LOL (unregistered) in reply to Dilligaf
    Dilligaf:
    It does appear that I-70 would have a milepost 420.
    Here's milepost 448.

    https://maps.google.com/?ll=39.327725,-102.061357&spn=0.046807,0.055447&t=m&z=14&layer=c&cbll=39.32768,-102.077998&panoid=uwv6nLmr4JY5th9fKFr7lA&cbp=12,113.29,,0,25.62

  • (cs)
  • ¯\(°_o)/¯ I DUNNO LOL (unregistered)

    Ha ha... I just tried to find the 420 mile marker on Google's street view, and the eastbound mile marker was already stolen. The westbound one is still there, though that street view could have been done on a different day.

    It's just east of Stratton, for those of you who want to save a few minutes.

    And both of the 404 markers are there, but the westbound one seems to actually be 4O4.

  • Frederik (unregistered)

    The only defense I can give for this code is that the original wasn't missing indentation. Other than that, I'm pretty sure the author was drunk or something.

  • (cs) in reply to chubertdev
    chubertdev:
    Thank you. I am sure I am not the only one to whom the reference to 420 was very much not obvious.

Leave a comment on “Just Because It's Ruby, Doesn't Mean It's a Gem”

Log In or post as a guest

Replying to comment #425044:

« Return to Article