Set warden scope on user data

[javierjulio]

Description

We had removed any user PII from our Bugsnag integration in a large Rails app but we noticed that the default user tab data may still get set (with clear user data) when our before_bugsnag_notify controller method wouldn't apply, e.g. ActionController::InvalidAuthenticityToken error.

While we can remove the user PII entirely, we'd rather just include the id and a link to our admin for that user, just as we do with our current before_bugsnag_notify controller method concern. The issue is that we have User and AdminUser models using Devise and with Bugsnag's WardenUser middleware it does not provide the warden scope.

https://github.com/bugsnag/bugsnag-ruby/blob/e5afde582907bd902b1161b99792522098742694/lib/bugsnag/middleware/warden_user.rb#L25-L30

So if we had an id of 2, we wouldn't know if it's a User or AdminUser without the warden scope.

Describe the solution you'd like

Include a scope key in the user object with the warden scope value so its available through the event user data documented in: https://docs.bugsnag.com/platforms/ruby/rails/customizing-error-reports/#user as part of event.user[:scope], for example:

puts event.user[:id], event.user[:scope]
> 2
> :admin_user

With this new key, we could use that in an on-error callback https://docs.bugsnag.com/platforms/ruby/rails/customizing-error-reports/#on-error-callbacks in our Bugsnag configuration vs having in each controller (through a concern).

On a related note, are methods like current_user available from an on-error callback?

[johnkiely1]

Hi @javierjulio, sounds like a reasonable idea to us, so we've added a task to the backlog to get this added in the future. We will let you know of updates here.

[RobertoSmartBear]

This issue is closed by the release of bugsnag-ruby v6.27.0 on 23-05-2024.