[Core: Module] Handle 500 errors properly

php/libraries/Module.class.inc

@@ -26,6 +26,12 @@ use \Psr\Http\Message\ResponseInterface;
  */
 class Module extends \LORIS\Router\PrefixRouter implements RequestHandlerInterface
 {
+    const GENERIC_500_ERROR   = "We're sorry, LORIS has encountered an internal "
+        . "server error. Please contact your project administrator for more "
+        . "information.";
+    const CONFIGURATION_ERROR = "LORIS configuration settings are invalid or "
+        . "missing and as a result execution cannot proceed. Please contact "
+        . "your project administrator and/or verify your LORIS configuration.";
     protected $name;
     protected $dir;
 
@@ -265,6 +271,7 @@ class Module extends \LORIS\Router\PrefixRouter implements RequestHandlerInterfa
                 );
             }
         } catch (\NotFound $e) {
+            error_log("IN the NotFound exception");
             return (new \LORIS\Middleware\PageDecorationMiddleware(
                 $request->getAttribute("user") ?? new \LORIS\AnonymousUser()
             ))->process(
@@ -277,8 +284,75 @@ class Module extends \LORIS\Router\PrefixRouter implements RequestHandlerInterfa
                     )
                 )
             );
+            /* Catch more specific errors that may be thrown in the codebase.
+            * Without handling these exceptions explicitly, LORIS will display
+            * a 404 error and swallow the exception, hindering debugging efforts.
+            *
+            * NOTE The order of these catch statements matter and should go from
+            * most to least specific. Otherwise all Exceptions will be caught
+            * as their more generic parent class which reduces precision.
+            */
+        } catch (\DatabaseException $e) {
+            error_log($e);
+            return $this->responseStatus500(
+                $request,
+                $user,
+                self::GENERIC_500_ERROR
+            );
+        } catch (\ConfigurationException $e) {
+            error_log($e);
+            error_log(self::CONFIGURATION_ERROR);
+            return $this->responseStatus500(
+                $request,
+                $user,
+                self::CONFIGURATION_ERROR
+            );
+        } catch (\LorisException $e) {
+            error_log($e);
+            return $this->responseStatus500(
+                $request,
+                $user,
+                self::GENERIC_500_ERROR
+            );
+        } catch (\Exception $e) {
+            error_log($e);
+            return $this->responseStatus500(
+                $request,
+                $user,
+                self::GENERIC_500_ERROR
+            );
         }
 
         return $page->process($request, $page);
     }
+
+    /**
+     * Return a properly-decorated response with status 500. Used to handle
+     * exceptions thrown within the codebase in a graceful way.
+     *
+     * @param ServerRequestInterface $request The request to process.
+     * @param \User                  $user    The user to decorate the page with.
+     * @param string                 $message An error message explaining the
+     *                                  500 code to the user.
+     *
+     * @return ResponseInterface A properly decorated 500 response.
+     */
+    function responseStatus500(
+        ServerRequestInterface $request,
+        \User $user,
+        string $message
+    ): ResponseInterface {
+        return (new \LORIS\Middleware\PageDecorationMiddleware(
+            $user
+        ))->process(
+            $request,
+            new \LORIS\Router\NoopResponder(
+                new \LORIS\Http\Error(
+                    $request,
+                    500,
+                    $message
+                )
+            )
+        );
+    }
 }

smarty/templates/500.tpl

@@ -1,6 +1,4 @@
 <div class="container">
-{foreach from=$error_message item=message}
-    <h2>{$message}</h2>
-{/foreach}
+    <h3>{$message}</h3>
     <div><a href="{$baseurl}">Go to main page</a></div>
 </div>