dspace-angular icon indicating copy to clipboard operation
dspace-angular copied to clipboard

Published 20 hours ago verified publisher icon DSpace

Missing information about failed query against external providers

Open corrad82-4s opened this issue 3 years ago • 3 comments

Describe the bug While working at rest issue #8327 we noticed that, in case of error during external system query, user is not properly informed about this failure.

To Reproduce Steps to reproduce the behavior:

  1. login to dspace7 and go to MyDSpace
  2. start a new Publication submission from external source
  3. enter a query string and select “Pubmed” as external source
  4. In case query fails with a 500 backend error, following page is displayed

image image

Expected behavior In case of rest error (500 in this example) A message indicating that search went in error. We believe current behavior could be improved, and such improvement would lead to a little UX improvement in case of failure of a query for live import towards an external system.

We, 4Science, can take in charge this improvement, our work estimation is 2/4 hours.

corrad82-4s avatar Jun 07 '22 13:06 corrad82-4s

This ticket seems somewhat related to https://github.com/DSpace/DSpace/issues/8358, but it might be more specific to a single area of DSpace.

I'm not against this idea, but I think we need to be cautious. As noted in that other ticket, the REST API was designed to not return error stacktraces in order to avoid "information exposure" (it can be a security issue to share full exceptions as it can give attackers too much information about the underlying system).

All that said, I do agree that there are specific areas where we can and should be providing a more detailed error message. This seems like one that would qualify. I just want us to try to avoid information exposure (see https://lgtm.com/rules/6780073/)

tdonohue avatar Jun 28 '22 19:06 tdonohue

Hi @tdonohue , thank you for your feedback. I agree with you about the fact that we need to be cautious and avoid information exposure. In some scenarios we could provide more detailed messages, but In the case described in this ticket I don't think detailed messages would help. The experience I had was simpler: basically, when query against external sources goes in error, and REST returns a 500 error, user does not have any information about this. The page remains blank. The improvement I suggest is simply the handling of the backend error with a message saying "The query against the external system went in error, please try again later" or something similar.

corrad82-4s avatar Jun 29 '22 12:06 corrad82-4s

we are almost ready to open the PR, it was a bit harder than expected, it took 8 hours

abollini avatar Jul 22 '22 15:07 abollini