govuk-prototype-kit icon indicating copy to clipboard operation
govuk-prototype-kit copied to clipboard

Published 20 hours ago verified publisher icon alphagov

Notify errors can crash app

Open lfdebrux opened this issue 3 years ago • 2 comments

Description of the issue

We've had a report that using the Notify client to send emails without handling the returned error can cause the app to crash:

For me the error was caused by entering an email address or mobile number that wasn’t on the guest list or associated with a team member. This issue could happen to anyone with a Notify account in trial mode. Although i don’t need to handle the errors in any particular way - v11 of the prototype kit will crash if an error is returned. That also means heroku apps will completely crash for all users and can’t be recovered unless rebuilt.

https://ukgovernmentdigital.slack.com/archives/C0647LW4R/p1638892594332100?thread_ts=1638881281.327200&cid=C0647LW4R

Steps to reproduce the issue

Actual vs expected behaviour

Environment (where applicable)

  • Operating system:
  • Browser:
  • Browser version:
  • GOV.UK Prototype Kit version:

Proposed fix

Our fix was just one line of code. Maybe the documentation example on https://govuk-prototype-kit.herokuapp.com/docs/using-notify could be changed to something like this:

// The URL here needs to match the URL of the page that the user is on
// when they type in their email address
router.post('/email-address-page', function (req, res) {

  notify.sendEmail(
    // this long string is the template ID, copy it from the template
    // page in GOV.UK Notify. It's not a secret so it's fine to put it
    // in your code.
    'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx',
    // `emailAddress` here needs to match the name of the form field in
    // your HTML page
    req.body.emailAddress
  ).catch(err => console.error(err));

  // This is the URL the users will be redirected to once the email
  // has been sent
  res.redirect('/confirmation-page');

});

lfdebrux avatar Dec 07 '21 16:12 lfdebrux

Have not yet tried to reproduce this.

Edited to add: it seems bad in general that uncaught errors in user defined routes can crash the app, there should be a fallback error handler, so that we can avoid users having to add basic error handling to each call themselves.

lfdebrux avatar Dec 07 '21 16:12 lfdebrux

I will investigate this week, look at which fixes might be appropriate and how to prioritise them.

nataliecarey avatar Feb 08 '22 11:02 nataliecarey