search

heartcombo / devise

Flexible authentication solution for Rails with Warden.
http://blog.plataformatec.com.br/tag/devise/
MIT License
23.95k stars 5.55k forks source link

Rails 7.1.0 update leads to no warden strategies being found ? #5637

Closed jwoodrow closed 12 months ago

jwoodrow commented 12 months ago

Environment

Current behavior

I was trying to upgrade our rails app to Rails 7.1.0 and now when I try to access a page requiring authentication I get a RuntimeError Invalid strategy trackable on a model that has nothing to do with the one being require for that specific page (Admin for our admin panel and User for our frontend).

Commenting out the devise :database_authenticatable, :confirmable, :registerable, :recoverable, :trackable, :validatable in the User model then makes the same error appear but this time for Admin and commenting out the device :trackable in that model then leads to a undefined method 'authentication_keys' for Admin:Class (which kind of makes sense after removing basically both devise calls on both models)

I don't know if this is specifically related to Rails 7.1.0 but for extra context we also do have 3 custom strategies setup but they don't seem to be causing any interference.

The error occurs here Warden::Proxy#_fetch_strategy

and if I use better_errors to print out the value for @strategies I get this as a result {:user=>{}} almost as if no strategies at all existed

Expected behavior

Arrive on the login page with no errors

gagoit commented 12 months ago

I also faced to this issue, and I saw that came from this change. The hash#deep_merge has been changed behavior:

So when we use Devise.with_options with multiple blocks inside (for adding multiple modules), the options that passed to each module has been merged, that make the Devise::STRATEGIES has been changed in-correctly => warden has failed to load the incorrect strategies

NOTE:

carlosantoniodasilva commented 12 months ago

@gagoit I'm not able to replicate this on a brand new 7.1 app:

Screenshot 2023-10-10 at 09 48 44

I'm still looking, it's possible something fundamental has changed somewhere, but wanted to mention the above in case I'm missing something from your example. Thanks.

gagoit commented 12 months ago

@carlosantoniodasilva Thanks for your info. I've checked the other gems in my project, and saw it's related to the config gem (more details here https://github.com/rails/rails/issues/49457 and https://github.com/rubyconfig/config/pull/342).

Summary: Config gem uses deep_merge and DeepMerge's Hash monkey patch is not compatible with Rails 7.1 (see https://github.com/rails/rails/issues/49457). => that make the behavior of deep_merge is changed in my project => Devise.with_options doesn't work correctly.

Sorry for making you confuse.

carlosantoniodasilva commented 12 months ago

@gagoit thanks for the feedback, glad to know the issue is elsewhere :)

@jwoodrow are you also using the same config gem? It sounds like this could be the culprit.

I tested a brand new app with devise (using this newly created 4-stable branch which contains tweaks for Rails 7.1), and everything appears to be working. If anyone would like to give that a try, let me know if you run into any issues.

jwoodrow commented 12 months ago

@carlosantoniodasilva We are indeed using the config gem, guessing the culprit must be there. Thanks to both of you for looking into this and finding the culprit. Now the question for me is, do I truly still need this gem :D

carlosantoniodasilva commented 12 months ago

Thanks for reporting back. I'll consider this one as closed then for now, but please report back if you run into anything else.

saxxi commented 8 months ago

Thanks for the heads up, for other users:

In order to update rails from 7.0 to 7.1 I had to manually upgrade config gem (from 4.1 to 5.1 in my case) which stopped the error Invalid strategy trackable (was giving error for all strategies, not just trackable).