Exception: Ruact::InvalidSignedGlobalIDError
- Defined in:
- lib/ruact/errors.rb
Overview
Story 13.2 (FR96) — raised by Ruact.locate_signed when a SignedGlobalID
token fails verification: a tampered signature, an expired token, or a token
scoped to a different for: purpose (GlobalID::Locator.locate_signed
returns nil). Inherits from Ruact::Error so the Story 8.4
rescue_from StandardError chain catches it cleanly; __ruact_status_for
maps it to HTTP 400 (Bad Request) — a forged/expired reference is an
invalid credential the client supplied, NOT a missing record. This keeps
ActiveRecord::RecordNotFound from leaking and never reveals whether the
target record exists (verification fails before any DB lookup). A valid
token whose record was since deleted is NOT this error — the underlying
finder (ActiveRecord::RecordNotFound) propagates and is the host's normal
not-found concern, exactly as a raw Model.find would be.