heartcombo / devise

Flexible authentication solution for Rails with Warden.
http://blog.plataformatec.com.br/tag/devise/
MIT License
24.02k stars 5.55k forks source link

Getting Authentication passthru for Omniauth when Devise.setup is wrapped under Rails.application.reloader.to_prepare #5699

Open kcore opened 4 months ago

kcore commented 4 months ago

Pre-check

Environment

Current behavior

As part of the ruby 3.0 & Rails 7 upgrade prep, I updated config.active_support.deprecation = :raise so that we understand what all we need to fix before we move. One of the first things that came was DEPRECATION WARNING: Initialization autoloaded the constant Devise::Mailer so I wrapped the entire config/initializers/devise.rb contents under Rails.application.reloader.to_prepare

Rails.application.reloader.to_prepare do
     Devise.setup do |config|
        ...
     end
end

Everything worked like a charm; until it didn't! We use omniauth (google, microsoft etc). The authorize urls starting to fail with "not found. authentication passthru"

Started POST "/users/auth/google_oauth2" for ::1 at 2024-07-09 15:50:21 +0530
Processing by Users::OmniauthCallbacksController#passthru as HTML
  Parameters: {"authenticity_token"=>"XXXXXXXXXXXXXXXXXXX"}
  Rendering text template
  Rendered text template (Duration: 0.0ms | Allocations: 3)
Completed 404 Not Found in 59ms (Views: 5.5ms | MongoDB: 0.0ms | Allocations: 70764)

Strangely, with the reloader block, even if I removed the oauth strategy registration

config.omniauth :google_oauth2, OAUTH_GOOGLE_CLIENT_ID, OAUTH_GOOGLE_SECRET, {
    name: 'google_oauth2',
    scope: OAUTH_GOOGLE_CALENDAR_SCOPE.join(","),
    prompt: "consent",
    strategy_class: OmniAuth::Strategies::GoogleOauth2
  }

the authorizer urls (user_google_oauth2_omniauth_authorize_path) still didn't give any errors and loaded just fine which led to the believe that there was some issue in the Devise.setup part eventually leading to me realising the only change that was done was adding the reloader block!

I finally update my devise initializer to move out of the reloader block and everything started to work again!

Rails.application.reloader.to_prepare do
  Devise::Mailer.default .......
end
Devise.setup do |config|
  ....
end

Can someone please explain why this happened and if this is indeed a bug or an expected behaviour?

Expected behavior

Adding the entire devise setup block under Rails.reloader should not affect its behaviour

jomsie commented 3 months ago

I had this same issue, and thank you @kcore for the temporary(?) fix!