heartcombo / devise

Flexible authentication solution for Rails with Warden.
http://blog.plataformatec.com.br/tag/devise/
MIT License
23.85k stars 5.53k forks

Authentication fails when using Turbo: redirects to login #5608

Closed hslzr closed 1 year ago

hslzr commented 1 year ago

Pre-check

I checked #5358 and #5562 but the solutions provided there did not fix my issue.

Environment

Current behavior

Typical Devise app, I currently have this controller:

class CampaignsController < ApplicationController
  before_action :authenticate_user!
  before_action :set_campaign, only: [:show, :edit, :update, :destroy]
  ...

The login form at app/views/devise/sessions/new.html.erb has data: { turbo: false } to disable the Turbo request. I also tried with ... html: { data: { turbo: false }}. They output the same HTML so I'm not sure if that's the issue.

<%= form_for(resource, as: resource_name, data: { turbo: false }, url: session_path(resource_name)) do |f| %>

Relevant settings in my config/initializers/devise.rb:

Devise.setup do |config|
  config.navigational_formats = ['*/*', :html, :turbo_stream]
  config.responder.error_status = :unprocessable_entity
  config.responder.redirect_status = :see_other
end

Expected behavior

After filling in the login information, I should be redirected to /campaigns as I'm supposed to.

Actual behavior

I'm logged in, but the request to /campaigns returns a 401 unauthorized response. Looking at the logs, I think the authentication form works but then it's failing on the very next request?

As I'm redirected to users/sign_in, I get the flash message: You need to sign in or sign up before continuing.

Logs

Started GET "/users/sign_in" for 127.0.0.1 at 2023-07-16 15:07:11 -0600
Processing by Devise::SessionsController#new as HTML
  Rendering layout layouts/application.html.erb
  Rendering devise/sessions/new.html.erb within layouts/application
  Rendered devise/sessions/new.html.erb within layouts/application (Duration: 10.4ms | Allocations: 1537)
  Rendered layout layouts/application.html.erb (Duration: 14.9ms | Allocations: 5025)
Completed 200 OK in 18ms (Views: 16.9ms | ActiveRecord: 0.0ms | Allocations: 6362)

Started POST "/users/sign_in" for 127.0.0.1 at 2023-07-16 15:07:25 -0600
Processing by Devise::SessionsController#create as HTML
  Parameters: {"authenticity_token"=>"[FILTERED]", "user"=>{"email"=>"demo@demo.com", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Log in"}
  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."email" = ? ORDER BY "users"."id" ASC LIMIT ?  [["email", "demo@demo.com"], ["LIMIT", 1]]
Redirected to http://localhost:3000/campaigns
Completed 303 See Other in 263ms (ActiveRecord: 0.1ms | Allocations: 2610)

Started GET "/campaigns" for 127.0.0.1 at 2023-07-16 15:07:25 -0600
Processing by CampaignsController#index as HTML
  User Load (0.0ms)  SELECT "users".* FROM "users" WHERE "users"."id" = ? ORDER BY "users"."id" ASC LIMIT ?  [["id", nil], ["LIMIT", 1]]
Completed 401 Unauthorized in 3ms (ActiveRecord: 0.0ms | Allocations: 1337)

Started GET "/users/sign_in" for 127.0.0.1 at 2023-07-16 15:07:25 -0600
Processing by Devise::SessionsController#new as HTML
  Rendering layout layouts/application.html.erb
  Rendering devise/sessions/new.html.erb within layouts/application
  Rendered devise/sessions/new.html.erb within layouts/application (Duration: 1.6ms | Allocations: 1083)
  Rendered layout layouts/application.html.erb (Duration: 4.0ms | Allocations: 4198)
Completed 200 OK in 5ms (Views: 4.3ms | ActiveRecord: 0.0ms | Allocations: 4848)

Edit: I'm not being logged in, and I tested this with a simple example. In my root_path (pages_controller#index), I added a simple

<% if current_user %>
  <p>Hello, <%= current_user.email %></p>
<% else %>
  <p> Hello, guest </p>
<% end %>

And, well, I get both the flash message and the "not-logged in" view.
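The failure sequence in the logs above (a sign-in that redirects with 303, followed immediately by a 401 on the redirect target) can be picked out of a Rails log mechanically. The Ruby sketch below is an added example, not part of the original report and not Devise code; the names `parse_requests` and `lost_session_findings` are hypothetical, and the sample log is constructed from the lines quoted in the report.

```ruby
# Added diagnostic sketch (not Devise code). Scans a Rails development log for
# a Devise sign-in that redirects successfully but whose very next request is
# rejected with 401, and reports the id bound in that request's User Load.

Request = Struct.new(:verb, :path, :action, :status, :user_id_bind)

# Split a Rails log into one Request per "Started ..." block.
def parse_requests(log)
  requests = []
  log.each_line do |line|
    case line
    when /Started (\w+) "([^"]+)"/
      requests << Request.new($1, $2, nil, nil, :none)
    when /Processing by (\S+) as/
      requests.last.action = $1 if requests.last
    when /User Load .*"users"\."id" = \?.*\[\["id", ([^\]]+)\]/
      requests.last.user_id_bind = $1 if requests.last
    when /Completed (\d{3}) /
      requests.last.status = $1.to_i if requests.last
    end
  end
  requests
end

# Return one finding for each sign-in POST that redirected (3xx) and was
# immediately followed by a request that completed with 401.
def lost_session_findings(log)
  parse_requests(log).each_cons(2).filter_map do |login, nxt|
    next unless login.action == "Devise::SessionsController#create"
    next unless (300..399).cover?(login.status) && nxt.status == 401
    { path: nxt.path, action: nxt.action, user_id_bind: nxt.user_id_bind }
  end
end

# Constructed sample, trimmed from the log lines shown in the report above.
SAMPLE_LOG = <<~LOG
  Started POST "/users/sign_in" for 127.0.0.1 at 2023-07-16 15:07:25 -0600
  Processing by Devise::SessionsController#create as HTML
  Redirected to http://localhost:3000/campaigns
  Completed 303 See Other in 263ms (ActiveRecord: 0.1ms | Allocations: 2610)
  Started GET "/campaigns" for 127.0.0.1 at 2023-07-16 15:07:25 -0600
  Processing by CampaignsController#index as HTML
  User Load (0.0ms)  SELECT "users".* FROM "users" WHERE "users"."id" = ? ORDER BY "users"."id" ASC LIMIT ?  [["id", nil], ["LIMIT", 1]]
  Completed 401 Unauthorized in 3ms (ActiveRecord: 0.0ms | Allocations: 1337)
LOG

lost_session_findings(SAMPLE_LOG).each do |f|
  puts "sign-in redirect then 401 at #{f[:path]} (#{f[:action]}), User Load id bind: #{f[:user_id_bind]}"
end
```

A `user_id_bind` of `:none` means the rejected request ran no user lookup by id at all, while a value such as `"nil"` shows the lookup ran with that bound id.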

kg-currenxie commented 2 months ago

@hslzr did you manage to fix it? I have the same issue :P