search

Hobo / hobo

The web app builder for Rails (moved from tablatom/hobo)
http://hobocentral.net
103 stars 39 forks source link

2.0.0.pre7 hobo_login - block returning false allows login on second attempt #16

Closed enwood closed 11 years ago

enwood commented 11 years ago

(Ticket 1025 from Lighthouse)

According to notes CHANGES-1.1.txt, returning false from a block passed to hobo_login will prevent the user from logging in.

In a new test 2.0.0.pre7 application, Hobo is allowing a login on a second attempt even if hobo_login block returns false.

Simple test:

def login hobo_login do flash[:error] = "This is just a test." return false end end On first login, you will be rejected and the flash[:error] message will be shown. If you then try again, you will be granted access.

Even adding current_user.forget_me before returning false doesn't make a difference.

bryanlarsen commented 11 years ago

There was indeed a bug in Hobo, but your code still won't work as is. You cannot "return" from a block in Ruby, that returns from the function that uses the block. Design flaw IMO, but legacy now.

instead:

def login
  hobo_login do
    flash[:error] = "This is just a test."
    false
  end
end