Login not working after update to v15.8

[snooptl]

I recently updated our pageflow from v15.2 to v15.8. After restarting the app via phusion-passenger the URL of the backend-login (domain.tld/admin/login/) returns a 404.

my config/routes.rb:

require 'resque/server'
require 'resque_scheduler/server'

Rails.application.routes.draw do
  ActiveAdmin.routes(self)
  Pageflow.routes(self)
  devise_for :users, ActiveAdmin::Devise.config

  authenticate :user, lambda { |user| user.admin? } do
    mount Resque::Server.new, at: "/background_jobs"
  end
  mount Pageflow::Chart::Engine, at: '/chart'
  mount Pageflow::ExternalLinks::Engine, at: '/external_links'
end

One thing I noticed: when I move the call of devise_for before Pageflow.routes(self) the login-form reappears, but the error ActionController::InvalidAuthenticityToken in ActiveAdmin::Devise::SessionsController#create is shown after sending the form (a stackoverflow-issue with the error).

Any help would be greatly appreceated.

[tf]

Yes, you are right. This is sort of a breaking change that went unnoticed in 15.8: Since Pageflow now also supports sub directories in entry permalinks (e.g. /en/my-entry), Pageflow.routes now also has a wild card matcher for non root level routes. This means Pageflow.routes needs to be last in routes.rb.

We should probably adapt the install generator to make it last and also include a comment that points this out.

Regarding the authenticity token error, in this Devise issue people report similar problems while updating Devise with different solutions. Maybe something also helps in your case?