fix: change custom error handler to display message from API

[tomrndom]

ref: https://app.clickup.com/t/86b9nn4wc

Signed-off-by: Tomás Castillo tcastilloboireau@gmail.com

Summary by CodeRabbit

• Bug Fixes
  • Enhanced error handling to display detailed server-provided error messages instead of generic hard-coded messages.
  • Improved validation error feedback for ticket operations with more informative server-provided details.
  • Better error message rendering to handle various server response formats appropriately.

[coderabbitai]

📝 Walkthrough

Walkthrough

The error handler for ERROR_CODE_412 in ticket actions now dynamically constructs SweetAlert content from server response body instead of displaying hardcoded messages. When an errors field is present in the response, it also dispatches a VALIDATE action with the error data for further processing.

Changes

Cohort / File(s)	Summary
Error Handling Enhancement src/actions/ticket-actions.js	Modified ERROR_CODE_412 handler to extract and display dynamic error content from server response body. Renders array elements or object key values in SweetAlert. Conditionally dispatches VALIDATE action when errors field is present in response.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested reviewers

• smarcet

Poem

🐰 When tickets fail their 412 dance,
The server speaks its truth at last—
No more hard-coded mystery!
Errors flow from source to view,
A validation-bound rebirth,
Errors whisper their reply. 🌟

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: updating the error handler to display API-returned messages instead of hard-coded text.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/ticket-scan-error-handler

---

_{Review rate limit: 4/5 reviews remaining, refill in 12 minutes.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/actions/ticket-actions.js`:
- Around line 129-133: The VALIDATE dispatch is passing the entire
err.response.body as payload.errors while the condition checks
err.response.body.errors; update the dispatch in the error handler (where
VALIDATE is dispatched) to set payload.errors to err.response.body.errors (or
use a safe fallback like err.response.body.errors || {}) so the shape matches
what ticket-type-reducer.js expects; locate the VALIDATE dispatch in
src/actions/ticket-actions.js and replace the payload assignment accordingly.
- Around line 117-124: The ERROR_CODE_412 handler uses msg without declaring it
and assumes err.response.body exists; declare a local variable (e.g., let msg =
'') before the body inspection and guard the access to err.response and
err.response.body (e.g., if (err.response && err.response.body) { ... }) in the
block that contains the Array.isArray(err.response.body) and Object.keys(...)
branches in src/actions/ticket-actions.js so you won't get a ReferenceError and
you safely handle missing/undefined response bodies.
- Line 127: The Swal.fire call is passing API-derived content via the HTML slot
(Swal.fire("Validation error", msg, "warning")), which can create XSS; change
the call to use the text option instead and ensure msg is a plain string (e.g.
replace with Swal.fire({ title: "Validation error", text: msg, icon: "warning"
})), or alternatively escape/sanitize msg before displaying; locate the
Swal.fire invocation and the msg variable in src/actions/ticket-actions.js and
update the call accordingly.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 037fbd5f-a6e2-41e4-9bbc-06ba46de403f

📥 Commits

Reviewing files that changed from the base of the PR and between d3edaee and 6ce3ea5.

📒 Files selected for processing (1)

• src/actions/ticket-actions.js

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify `msg` has assignments but no local declaration in the changed handler.
rg -nP 'customErrorHandler|ERROR_CODE_412|msg\s*\+=' src/actions/ticket-actions.js -C3
rg -nP '\b(let|const|var)\s+msg\b' src/actions/ticket-actions.js -C1

Repository: fntechgit/summit-admin

Length of output: 1187

---

msg is undeclared and will crash at runtime.

Lines 119 and 123 use msg without declaring it. This causes a ReferenceError when the ERROR_CODE_412 handler runs. Guard err.response.body before accessing it.

🔧 Proposed fix

   switch (code) {
-    case ERROR_CODE_412:
-      if (Array.isArray(err.response.body)) {
-        err.response.body.forEach((er) => {
+    case ERROR_CODE_412: {
+      const body = err?.response?.body;
+      if (!body) {
+        Swal.fire("Validation error", "", "warning");
+        break;
+      }
+
+      let msg = "";
+      if (Array.isArray(body)) {
+        body.forEach((er) => {
           msg += `${er}<br>`;
         });
       } else {
-        Object.keys(err.response.body).forEach((key) => {
-          msg += `${err.response.body[key]}<br>`;
+        Object.keys(body).forEach((key) => {
+          msg += `${body[key]}<br>`;
         });
       }
 
       Swal.fire("Validation error", msg, "warning");
+      if (body.errors) {
+        dispatch({
+          type: VALIDATE,
+          payload: { errors: body.errors }
+        });
+      }
+      break;
+    }
-
-      if (err.response.body.errors) {
-        dispatch({
-          type: VALIDATE,
-          payload: { errors: err.response.body }
-        });
-      }
-      break;

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/actions/ticket-actions.js` around lines 117 - 124, The ERROR_CODE_412
handler uses msg without declaring it and assumes err.response.body exists;
declare a local variable (e.g., let msg = '') before the body inspection and
guard the access to err.response and err.response.body (e.g., if (err.response
&& err.response.body) { ... }) in the block that contains the
Array.isArray(err.response.body) and Object.keys(...) branches in
src/actions/ticket-actions.js so you won't get a ReferenceError and you safely
handle missing/undefined response bodies.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

In SweetAlert2, does Swal.fire(title, html, icon) treat the second argument as HTML, and is it sanitized by default?

💡 Result:

Yes. In SweetAlert2, the shorthand call Swal.fire(title, html, icon) maps the second argument to the html parameter (i.e., the modal body is treated as HTML). No. SweetAlert2 does not sanitize the html parameter by default. Its TypeScript definitions explicitly state that it “does NOT sanitize this parameter” and that escaping user input is the developer’s responsibility to prevent XSS. So, if you pass user-controlled strings as the second argument, you must escape/sanitize them yourself before calling Swal.fire(...).

Citations:

• 1: https://github.com/sweetalert2/sweetalert2/blob/main/sweetalert2.d.ts
• 2: https://deepwiki.com/sweetalert2/sweetalert2/2.2-parameter-handling
• 3: https://cdn.jsdelivr.net/npm/sweetalert2@9.12.0/README.md

---

🏁 Script executed:

cat -n src/actions/ticket-actions.js | sed -n '110,145p'

Repository: fntechgit/summit-admin

Length of output: 1252

---

🏁 Script executed:

cat -n src/actions/ticket-actions.js | sed -n '100,135p'

Repository: fntechgit/summit-admin

Length of output: 1429

---

🏁 Script executed:

cat -n src/actions/ticket-actions.js | sed -n '80,130p'

Repository: fntechgit/summit-admin

Length of output: 2545

---

🏁 Script executed:

cat -n src/actions/ticket-actions.js | sed -n '1,130p'

Repository: fntechgit/summit-admin

Length of output: 5937

---

🏁 Script executed:

rg "customErrorHandler" -B5 -A50 src/actions/ticket-actions.js | head -80

Repository: fntechgit/summit-admin

Length of output: 2686

---

🏁 Script executed:

rg -B10 "msg +\+=" src/actions/ticket-actions.js

Repository: fntechgit/summit-admin

Length of output: 495

---

🏁 Script executed:

rg "msg\s*=" src/actions/ticket-actions.js | head -20

Repository: fntechgit/summit-admin

Length of output: 48

---

🏁 Script executed:

rg "customErrorHandler" -A60 src/actions/ticket-actions.js | head -100

Repository: fntechgit/summit-admin

Length of output: 3157

---

🏁 Script executed:

rg "let msg|const msg|var msg" src/actions/ticket-actions.js

Repository: fntechgit/summit-admin

Length of output: 48

---

🏁 Script executed:

rg "msg" src/actions/ticket-actions.js -B2 -A2

Repository: fntechgit/summit-admin

Length of output: 434

---

🏁 Script executed:

rg "^(let|const|var)\s+msg|^msg\s*=" src/actions/ticket-actions.js

Repository: fntechgit/summit-admin

Length of output: 48

---

🏁 Script executed:

cat src/actions/ticket-actions.js | grep -n "msg"

Repository: fntechgit/summit-admin

Length of output: 211

---

🏁 Script executed:

sed -n '110,140p' src/actions/ticket-actions.js | cat -n

Repository: fntechgit/summit-admin

Length of output: 1016

---

🏁 Script executed:

head -150 src/actions/ticket-actions.js | tail -100

Repository: fntechgit/summit-admin

Length of output: 4315

---

🏁 Script executed:

wc -l src/actions/ticket-actions.js

Repository: fntechgit/summit-admin

Length of output: 101

---

🏁 Script executed:

rg "msg\s*=" -B20 src/actions/ticket-actions.js | grep -A20 -B20 "msg"

Repository: fntechgit/summit-admin

Length of output: 48

---

Use the text parameter instead of rendering API content via SweetAlert's HTML slot.

Line 127 passes API-derived content directly into SweetAlert2's HTML parameter without sanitization. SweetAlert2 does not sanitize the html parameter by default, creating an XSS vulnerability if backend messages contain markup.

Recommended fix

-      Swal.fire("Validation error", msg, "warning");
+      Swal.fire({
+        title: "Validation error",
+        text: msg.replace(/<br>/g, "\n"),
+        icon: "warning"
+      });

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	Swal.fire("Validation error", msg, "warning");
	Swal.fire({
	title: "Validation error",
	text: msg.replace(/<br>/g, "\n"),
	icon: "warning"
	});

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/actions/ticket-actions.js` at line 127, The Swal.fire call is passing
API-derived content via the HTML slot (Swal.fire("Validation error", msg,
"warning")), which can create XSS; change the call to use the text option
instead and ensure msg is a plain string (e.g. replace with Swal.fire({ title:
"Validation error", text: msg, icon: "warning" })), or alternatively
escape/sanitize msg before displaying; locate the Swal.fire invocation and the
msg variable in src/actions/ticket-actions.js and update the call accordingly.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

VALIDATE payload shape is inconsistent with the condition.

You check err.response.body.errors but dispatch payload.errors = err.response.body (entire body). Since src/reducers/tickets/ticket-type-reducer.js stores payload.errors directly, this can break consumers expecting only the errors object/array.

🧩 Proposed fix

-      if (err.response.body.errors) {
+      if (err.response.body.errors) {
         dispatch({
           type: VALIDATE,
-          payload: { errors: err.response.body }
+          payload: { errors: err.response.body.errors }
         });
       }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	if (err.response.body.errors) {
	dispatch({
	type: VALIDATE,
	payload: { errors: err.response.body }
	});
	if (err.response.body.errors) {
	dispatch({
	type: VALIDATE,
	payload: { errors: err.response.body.errors }
	});
	}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/actions/ticket-actions.js` around lines 129 - 133, The VALIDATE dispatch
is passing the entire err.response.body as payload.errors while the condition
checks err.response.body.errors; update the dispatch in the error handler (where
VALIDATE is dispatched) to set payload.errors to err.response.body.errors (or
use a safe fallback like err.response.body.errors || {}) so the shape matches
what ticket-type-reducer.js expects; locate the VALIDATE dispatch in
src/actions/ticket-actions.js and replace the payload assignment accordingly.