From b7fa5447e565d8460aed29023866fde2ed1870f2 Mon Sep 17 00:00:00 2001 From: David Zuckerman Date: Wed, 1 Apr 2026 11:55:00 -0700 Subject: [PATCH 1/5] redirecting if jwt is not see for /fees path --- app/controllers/fees_controller.rb | 9 +++++++-- spec/request/fees_request_spec.rb | 4 ++-- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/app/controllers/fees_controller.rb b/app/controllers/fees_controller.rb index d6951fcb..622d3106 100644 --- a/app/controllers/fees_controller.rb +++ b/app/controllers/fees_controller.rb @@ -1,6 +1,9 @@ require 'jwt' class FeesController < ApplicationController + + rescue_from ActionController::ParameterMissing, with: :missing_params + # This will be needed for transaction_complete since Paypal will hit that protect_from_forgery with: :null_session @@ -13,6 +16,10 @@ def index redirect_to(action: :transaction_error) end + def missing_params(_error) + redirect_to 'https://lib.berkeley.edu/find/borrow-renew?section=pay-fees', allow_other_host: true + end + def efee @jwt = params.require(:jwt) secret = EfeesInvoice.secret @@ -73,8 +80,6 @@ def transaction_complete render json: { status: 'silent post received' } end - private - def authorize! return if Rails.env.development? diff --git a/spec/request/fees_request_spec.rb b/spec/request/fees_request_spec.rb index 89043ccd..67dab6ec 100644 --- a/spec/request/fees_request_spec.rb +++ b/spec/request/fees_request_spec.rb @@ -12,9 +12,9 @@ def base_url_for(user_id = nil) allow(Rails.application.config).to receive(:alma_api_key).and_return(alma_api_key) end - it 'shows a Bad Request error if request has no jwt' do + it 'redirects to the fallback URL if there is no jwt' do get fees_path - expect(response).to have_http_status(:bad_request) + expect(response).to redirect_to('https://lib.berkeley.edu/find/borrow-renew?section=pay-fees') end it 'redirects to error page if request has a non-existant alma id' do From 2b70111224353f90943fe93a1f6b49e1ff739554 Mon Sep 17 00:00:00 2001 
From: David Zuckerman Date: Wed, 1 Apr 2026 12:10:24 -0700 Subject: [PATCH 2/5] moved missing_params under private --- app/controllers/fees_controller.rb | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/app/controllers/fees_controller.rb b/app/controllers/fees_controller.rb index 622d3106..240cd907 100644 --- a/app/controllers/fees_controller.rb +++ b/app/controllers/fees_controller.rb @@ -16,10 +16,6 @@ def index redirect_to(action: :transaction_error) end - def missing_params(_error) - redirect_to 'https://lib.berkeley.edu/find/borrow-renew?section=pay-fees', allow_other_host: true - end - def efee @jwt = params.require(:jwt) secret = EfeesInvoice.secret @@ -80,6 +76,12 @@ def transaction_complete render json: { status: 'silent post received' } end + private + + def missing_params(_error) + redirect_to 'https://lib.berkeley.edu/find/borrow-renew?section=pay-fees', allow_other_host: true + end + def authorize! return if Rails.env.development? From 8d7a504ed254f51b81bf2ad90a2dd6e6e3fa9f92 Mon Sep 17 00:00:00 2001 From: David Zuckerman Date: Wed, 1 Apr 2026 12:20:11 -0700 Subject: [PATCH 3/5] removed empty space --- app/controllers/fees_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/fees_controller.rb b/app/controllers/fees_controller.rb index 240cd907..efbf3ea9 100644 --- a/app/controllers/fees_controller.rb +++ b/app/controllers/fees_controller.rb @@ -76,7 +76,7 @@ def transaction_complete render json: { status: 'silent post received' } end - private + private def missing_params(_error) redirect_to 'https://lib.berkeley.edu/find/borrow-renew?section=pay-fees', allow_other_host: true From ebc5e9f0c07c663f74af0d1cff8f1379fff72830 Mon Sep 17 00:00:00 2001 
From: David Zuckerman Date: Wed, 1 Apr 2026 12:56:48 -0700 Subject: [PATCH 4/5] only redirecting if jwt is missing for the index action for fees --- app/controllers/fees_controller.rb | 20 ++++++++------------ spec/request/fees_request_spec.rb | 2 +- 2 files changed, 9 insertions(+), 13 deletions(-) diff --git a/app/controllers/fees_controller.rb b/app/controllers/fees_controller.rb index efbf3ea9..943c98cd 100644 --- a/app/controllers/fees_controller.rb +++ b/app/controllers/fees_controller.rb @@ -2,18 +2,18 @@ class FeesController < ApplicationController - rescue_from ActionController::ParameterMissing, with: :missing_params - # This will be needed for transaction_complete since Paypal will hit that protect_from_forgery with: :null_session def index - @jwt = params.require(:jwt) - decoded_token = JWT.decode @jwt, nil, false - @alma_id = decoded_token.first['userName'] - @fees = FeesPayment.new(alma_id: @alma_id) - rescue JWT::DecodeError - redirect_to(action: :transaction_error) + @jwt = params.require(:jwt) + decoded_token = JWT.decode @jwt, nil, false + @alma_id = decoded_token.first['userName'] + @fees = FeesPayment.new(alma_id: @alma_id) + rescue ActionController::ParameterMissing + redirect_to 'https://www.lib.berkeley.edu/find/borrow-renew?section=pay-fees', allow_other_host: true + rescue JWT::DecodeError + redirect_to(action: :transaction_error) end def efee @@ -78,10 +78,6 @@ def transaction_complete private - def missing_params(_error) - redirect_to 'https://lib.berkeley.edu/find/borrow-renew?section=pay-fees', allow_other_host: true - end - def authorize! return if Rails.env.development? diff --git a/spec/request/fees_request_spec.rb b/spec/request/fees_request_spec.rb index 67dab6ec..b54f9339 100644 --- a/spec/request/fees_request_spec.rb +++ b/spec/request/fees_request_spec.rb 
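Review bot: In `index` (PATCH 4/5, first hunk of app/controllers/fees_controller.rb), the new side still calls `JWT.decode @jwt, nil, false`, which parses the token with signature verification switched off, so the `userName` claim assigned to `@alma_id` is whatever the request supplied. If `FeesPayment.new(alma_id: @alma_id)` loads that patron's fee records, the page is keyed on an unauthenticated identifier. `efee` already reads `EfeesInvoice.secret` (visible as context in PATCH 1/5; its decode call is outside these hunks), so `index` could verify the same way, e.g. `decoded_token = JWT.decode(@jwt, EfeesInvoice.secret, true, { algorithm: '<ALGORITHM_EFEE_USES>' })`, with the existing `rescue JWT::DecodeError` still catching a bad signature. A request spec that sends a token signed with the wrong key and expects the redirect to `transaction_error` would pin this behaviour.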
@@ -14,7 +14,7 @@ def base_url_for(user_id = nil) it 'redirects to the fallback URL if there is no jwt' do get fees_path - expect(response).to redirect_to('https://lib.berkeley.edu/find/borrow-renew?section=pay-fees') + expect(response).to redirect_to('https://www.lib.berkeley.edu/find/borrow-renew?section=pay-fees') end it 'redirects to error page if request has a non-existant alma id' do From c8b368013ebaa22f480b8ca8f8fd3e9aea1f9187 Mon Sep 17 00:00:00 2001 From: David Zuckerman Date: Wed, 1 Apr 2026 13:08:53 -0700 Subject: [PATCH 5/5] fixed rubocop indentation error --- app/controllers/fees_controller.rb | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/app/controllers/fees_controller.rb b/app/controllers/fees_controller.rb index 943c98cd..6309ffa9 100644 --- a/app/controllers/fees_controller.rb +++ b/app/controllers/fees_controller.rb @@ -6,14 +6,14 @@ class FeesController < ApplicationController protect_from_forgery with: :null_session def index - @jwt = params.require(:jwt) - decoded_token = JWT.decode @jwt, nil, false - @alma_id = decoded_token.first['userName'] - @fees = FeesPayment.new(alma_id: @alma_id) - rescue ActionController::ParameterMissing - redirect_to 'https://www.lib.berkeley.edu/find/borrow-renew?section=pay-fees', allow_other_host: true - rescue JWT::DecodeError - redirect_to(action: :transaction_error) + @jwt = params.require(:jwt) + decoded_token = JWT.decode @jwt, nil, false + @alma_id = decoded_token.first['userName'] + @fees = FeesPayment.new(alma_id: @alma_id) + rescue ActionController::ParameterMissing + redirect_to 'https://www.lib.berkeley.edu/find/borrow-renew?section=pay-fees', allow_other_host: true + rescue JWT::DecodeError + redirect_to(action: :transaction_error) end def efee
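Review bot: In the PATCH 4/5 hunk of spec/request/fees_request_spec.rb, the fallback URL is a string literal that is also repeated in `FeesController#index`, and this patch had to change both copies from `lib.berkeley.edu` to `www.lib.berkeley.edu`. Defining it once in the controller or app config, for example `PAY_FEES_FALLBACK_URL = 'https://www.lib.berkeley.edu/find/borrow-renew?section=pay-fees'.freeze` (the constant name is a suggestion), keeps the `allow_other_host: true` redirect pinned to a single destination that is easy to audit. The spec could also cover a blank `jwt=` parameter, which `params.require` treats the same as a missing one.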