search

heartcombo / devise

Flexible authentication solution for Rails with Warden.
http://blog.plataformatec.com.br/tag/devise/
MIT License
24k stars 5.55k forks source link

`devise_for` parameter `format` not working as expected #5500

Open ClearlyClaire opened 2 years ago

ClearlyClaire commented 2 years ago

Environment

Current behavior

When calling devise_for with a format: false parameter, i.e.:

# frozen_string_literal: true

Rails.application.routes.draw do
  devise_for :users, format: false, path: 'auth'
end

The generated routes include (.:format):

$ bundle exec rails routes
                  Prefix Verb   URI Pattern                      Controller#Action
        new_user_session GET    /auth/sign_in(.:format)          devise/sessions#new {:format=>false}
            user_session POST   /auth/sign_in(.:format)          devise/sessions#create {:format=>false}
    destroy_user_session DELETE /auth/sign_out(.:format)         devise/sessions#destroy {:format=>false}
       new_user_password GET    /auth/password/new(.:format)     devise/passwords#new {:format=>false}
      edit_user_password GET    /auth/password/edit(.:format)    devise/passwords#edit {:format=>false}
           user_password PATCH  /auth/password(.:format)         devise/passwords#update {:format=>false}
                         PUT    /auth/password(.:format)         devise/passwords#update {:format=>false}
                         POST   /auth/password(.:format)         devise/passwords#create {:format=>false}
cancel_user_registration GET    /auth/cancel(.:format)           devise/registrations#cancel {:format=>false}
   new_user_registration GET    /auth/sign_up(.:format)          devise/registrations#new {:format=>false}
  edit_user_registration GET    /auth/edit(.:format)             devise/registrations#edit {:format=>false}
       user_registration PATCH  /auth(.:format)                  devise/registrations#update {:format=>false}
                         PUT    /auth(.:format)                  devise/registrations#update {:format=>false}
                         DELETE /auth(.:format)                  devise/registrations#destroy {:format=>false}
                         POST   /auth(.:format)                  devise/registrations#create {:format=>false}
   new_user_confirmation GET    /auth/confirmation/new(.:format) devise/confirmations#new {:format=>false}
       user_confirmation GET    /auth/confirmation(.:format)     devise/confirmations#show {:format=>false}
                         POST   /auth/confirmation(.:format)     devise/confirmations#create {:format=>false}

Expected behavior

I would expect format: false to result in the following:

                  Prefix Verb   URI Pattern            Controller#Action
        new_user_session GET    /auth/sign_in          devise/sessions#new
            user_session POST   /auth/sign_in          devise/sessions#create
    destroy_user_session DELETE /auth/sign_out         devise/sessions#destroy
       new_user_password GET    /auth/password/new     devise/passwords#new
      edit_user_password GET    /auth/password/edit    devise/passwords#edit
           user_password PATCH  /auth/password         devise/passwords#update
                         PUT    /auth/password         devise/passwords#update
                         POST   /auth/password         devise/passwords#create
cancel_user_registration GET    /auth/cancel           devise/registrations#cancel
   new_user_registration GET    /auth/sign_up          devise/registrations#new
  edit_user_registration GET    /auth/edit             devise/registrations#edit
       user_registration PATCH  /auth                  devise/registrations#update
                         PUT    /auth                  devise/registrations#update
                         DELETE /auth                  devise/registrations#destroy
                         POST   /auth                  devise/registrations#create
   new_user_confirmation GET    /auth/confirmation/new devise/confirmations#new
       user_confirmation GET    /auth/confirmation     devise/confirmations#show
                         POST   /auth/confirmation     devise/confirmations#create
ClearlyClaire commented 2 years ago

I believe the following change addresses the issue, but I have not tested this under any other version of Rails:

diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb
index 004b9857..c79abb59 100644
--- a/lib/devise/rails/routes.rb
+++ b/lib/devise/rails/routes.rb
@@ -235,7 +235,6 @@ module ActionDispatch::Routing
       options[:constraints]   = (@scope[:constraints] || {}).merge(options[:constraints] || {})
       options[:defaults]      = (@scope[:defaults] || {}).merge(options[:defaults] || {})
       options[:options]       = @scope[:options] || {}
-      options[:options][:format] = false if options[:format] == false

       resources.map!(&:to_sym)

@@ -462,7 +461,7 @@ ERROR
         current_scope = @scope.dup

         exclusive = { as: new_as, path: new_path, module: nil }
-        exclusive.merge!(options.slice(:constraints, :defaults, :options))
+        exclusive.merge!(options.slice(:constraints, :format, :defaults, :options))

         if @scope.respond_to? :new
           @scope = @scope.new exclusive