Improve error messages and fix task users/items endpoints [SCI-2886]

app/controllers/api/api_controller.rb

@@ -56,16 +56,18 @@ module Api
       token_payload, = Api::AzureJwt.decode(token)
       @current_user = User.from_azure_jwt_token(token_payload)
       unless current_user
-        raise JWT::InvalidPayload, 'Azure AD: User mapping not found'
+        raise JWT::InvalidPayload, I18n.t('api.core.no_azure_user_mapping')
       end
     end
 
     def authenticate_request!
       @token = request.headers['Authorization']&.sub('Bearer ', '')
-      raise StandardError, 'Common: No token in the header' unless @token
+      unless @token
+        raise JWT::VerificationError, I18n.t('api.core.missing_token')
+      end
 
       @iss = CoreJwt.read_iss(token)
-      raise JWT::InvalidPayload, 'Common: Missing ISS in the token' unless @iss
+      raise JWT::InvalidPayload, I18n.t('api.core.no_iss') unless @iss
 
       Extends::API_PLUGABLE_AUTH_METHODS.each do |auth_method|
         method(auth_method).call
@@ -74,12 +76,12 @@ module Api
 
       # Default token implementation
       unless iss == Api.configuration.core_api_token_iss
-        raise JWT::InvalidPayload, 'Default: Wrong ISS in the token'
+        raise JWT::InvalidPayload, I18n.t('api.core.wrong_iss')
       end
       payload = CoreJwt.decode(token)
       @current_user = User.find_by_id(payload['sub'])
       unless current_user
-        raise JWT::InvalidPayload, 'Default: User mapping not found'
+        raise JWT::InvalidPayload, I18n.t('api.core.no_user_mapping')
       end
     end
 

app/controllers/api/v1/base_controller.rb

@@ -65,6 +65,15 @@ module Api
         )
       end
 
+      rescue_from JWT::DecodeError,
+                  JWT::InvalidPayload,
+                  JWT::VerificationError,
+                  JWT::ExpiredSignature do |e|
+        render_error(
+          I18n.t('api.core.invalid_token'), e.message, :unauthorized
+        )
+      end
+
       private
 
       def render_error(title, message, status)

app/controllers/api/v1/task_inventory_items_controller.rb

@@ -7,7 +7,6 @@ module Api
       before_action :load_project
       before_action :load_experiment
       before_action :load_task
-      before_action :load_inventory_item, only: :show
 
       def index
         items =
@@ -24,7 +23,7 @@ module Api
       end
 
       def show
-        render jsonapi: @item,
+        render jsonapi: @task.repository_rows.find(params.require(:id)),
                serializer: InventoryItemSerializer,
                show_repository: true,
                include: %i(inventory_cells inventory)

config/locales/en.yml

@@ -2002,6 +2002,11 @@ en:
       status_ok: "Ok"
       expired_token: "Token is expired"
       invalid_token: "Token is invalid"
+      missing_token: "Core: No token in the header"
+      no_iss: "Core: Missing ISS in the token"
+      wrong_iss: "Default: Wrong ISS in the token"
+      no_user_mapping: "Default: User mapping not found"
+      no_azure_user_mapping: "Azure AD: User mapping not found"
       errors:
         general:
           title: "Error"

config/routes.rb

@@ -599,13 +599,13 @@ Rails.application.routes.draw do
                   resources :task_inventory_items, only: %i(index show),
                             path: 'items',
                             as: :items
-                  resources :task_users, only: %i(index),
+                  resources :task_users, only: %i(index show),
                             path: 'users',
                             as: :users
                   resources :task_tags, only: %i(index show),
                             path: 'tags',
                             as: :tags
-                  resources :protocols, only: %i(index show)
+                  resources :protocols, only: %i(index)
                   resources :results, only: %i(index create show)
                   get 'inputs', to: 'tasks#inputs'
                   get 'outputs', to: 'tasks#outputs'