Integrating Rails 8 authentication with Avo

matiaskorhonen commented 3 days ago

Describe the bug

I'm trying to figure out how to integration Rails 8's new built-in/generated authentication with Avo and it's a bit of a struggle.

Steps to Reproduce

Steps to reproduce the behavior:

Create a new Rails 8 app (rails new avo-rails-8-auth)
Install Avo as usual (bin/rails app:template LOCATION='https://avohq.io/app-template')
Set up authentication (bin/rails generate authentication && rails db:migrate)
Somehow configure Avo to authenticate using the methods in the Authentication concern (app/controllers/concerns/authentication.rb)

Expected behavior & Actual behavior

Configuring the authentication in Avo is unintuitive. Maybe the Avo application controller needs to be monkey patched to include the Authentication concern? I tried doing that but couldn't get it to actually work…

Models and resource files

Reproduction repo at: https://github.com/matiaskorhonen/avo-rails-8-auth

System configuration

Avo version: 3.13.7

Rails version: 8.0.0.rc1

Ruby version: 3.3.5

License type:

[x] Community
[ ] Pro
[ ] Advanced

Are you using Avo monkey patches, overriding views or view components?

[ ] Yes. If so, please post code samples.
[x] No

Screenshots or screen recordings

—

Additional context

—

Impact

[x] High impact (It makes my app un-usable.)
[ ] Medium impact (I'm annoyed, but I'll live.)
[ ] Low impact (It's really a tiny thing that I could live with.)

(High impact but on a project that doesn't matter)

Urgency

[x] High urgency (I can't continue development without it.)
[ ] Medium urgency (I found a workaround, but I'd love to have it fixed.)
[ ] Low urgency (It can wait. I just wanted you to know about it.)

adrianthedev commented 2 days ago

I'm having a look into this one. The quick quick fix is to add this somewhere (I adde it at the end of avo.rb intitializer), but I'm working to support this use case easier.

Rails.configuration.to_prepare do
  Avo::ApplicationController.include Authentication
end

davidlormor commented 17 hours ago

@matiaskorhonen @adrianthedev I was just hacking on a new Rails 8 app tonight and decided to give it a shot...MAN, what a pain. The initial solution from Adrian worked great, but everything blew up as soon as I added Pundit for authorization. I spent hours trying to figure out why my policy scopes were receiving nil for the user argument.

Turns out that the before_action :require_authentication wasn't firing before Avo tried to look up the current user. I swapped it to prepend_before_action :require_authentication and it's all working now 😅

That's probably a safe change for the new Rails 8 auth template anyways, as you probably want to authenticate a user before attempting to do anything else in most cases.

avo-hq / avo