search

jeremyevans / rodauth

Ruby's Most Advanced Authentication Framework
http://rodauth.jeremyevans.net
MIT License
1.69k stars 95 forks source link

internal_request with path_rewriter causes a FrozenError #425

Closed plujon closed 4 months ago

plujon commented 4 months ago

App.rodauth.login interacts badly with path_rewriter.

require 'roda'
require 'rodauth'
require 'sequel'

DB = Sequel.postgres('test')

class App < Roda
  plugin :path_rewriter

  plugin :rodauth do
    enable :internal_request, :login
  end

  rewrite_path '/abc/', '/def/', :path_info => true

  route do |r|
    r.get do
      App.rodauth.login({ :account_login => 'x', :password => 'y' })
      'hi'
    end
  end
end

run App.app

$ puma

Puma caught this error: can't modify frozen String: "/" (FrozenError)
/var/lib/gems/3.0.0/gems/roda-3.80.0/lib/roda/plugins/path_rewriter.rb:102:in `sub!'
/var/lib/gems/3.0.0/gems/roda-3.80.0/lib/roda/plugins/path_rewriter.rb:102:in `block in rewrite_path'
/var/lib/gems/3.0.0/gems/roda-3.80.0/lib/roda/plugins/path_rewriter.rb:98:in `each'
/var/lib/gems/3.0.0/gems/roda-3.80.0/lib/roda/plugins/path_rewriter.rb:98:in `rewrite_path'
/var/lib/gems/3.0.0/gems/roda-3.80.0/lib/roda/plugins/path_rewriter.rb:88:in `initialize'
/var/lib/gems/3.0.0/gems/roda-3.80.0/lib/roda.rb:491:in `new'
/var/lib/gems/3.0.0/gems/roda-3.80.0/lib/roda.rb:491:in `initialize'
/var/lib/gems/3.0.0/gems/rodauth-2.35.0/lib/rodauth/features/internal_request.rb:331:in `new'
/var/lib/gems/3.0.0/gems/rodauth-2.35.0/lib/rodauth/features/internal_request.rb:331:in `internal_request'
/var/lib/gems/3.0.0/gems/rodauth-2.35.0/lib/rodauth/features/internal_request.rb:415:in `block (3 levels) in post_configure'
config.ru:18:in `block (2 levels) in <class:App>'
/var/lib/gems/3.0.0/gems/roda-3.80.0/lib/roda/request.rb:536:in `always'
/var/lib/gems/3.0.0/gems/roda-3.80.0/lib/roda/request.rb:527:in `_verb'
/var/lib/gems/3.0.0/gems/roda-3.80.0/lib/roda/request.rb:104:in `get'
config.ru:17:in `block in <class:App>'
/var/lib/gems/3.0.0/gems/roda-3.80.0/lib/roda.rb:522:in `_roda_run_main_route'
/var/lib/gems/3.0.0/gems/roda-3.80.0/lib/roda.rb:500:in `block in _roda_handle_main_route'
/var/lib/gems/3.0.0/gems/roda-3.80.0/lib/roda.rb:498:in `catch'
/var/lib/gems/3.0.0/gems/roda-3.80.0/lib/roda.rb:498:in `_roda_handle_main_route'
/var/lib/gems/3.0.0/gems/roda-3.80.0/lib/roda/plugins/error_handler.rb:88:in `_roda_handle_main_route'
/var/lib/gems/3.0.0/gems/roda-3.80.0/lib/roda.rb:384:in `block in base_rack_app_callable'
/var/lib/gems/3.0.0/gems/puma-6.4.2/lib/puma/configuration.rb:272:in `call'
/var/lib/gems/3.0.0/gems/puma-6.4.2/lib/puma/request.rb:100:in `block in handle_request'
/var/lib/gems/3.0.0/gems/puma-6.4.2/lib/puma/thread_pool.rb:378:in `with_force_shutdown'
/var/lib/gems/3.0.0/gems/puma-6.4.2/lib/puma/request.rb:99:in `handle_request'
/var/lib/gems/3.0.0/gems/puma-6.4.2/lib/puma/server.rb:464:in `process_client'
/var/lib/gems/3.0.0/gems/puma-6.4.2/lib/puma/server.rb:245:in `block in run'
/var/lib/gems/3.0.0/gems/puma-6.4.2/lib/puma/thread_pool.rb:155:in `block in spawn_thread'
jeremyevans commented 4 months ago

Does this fix the issue?:

index 2b51a99..2010952 100644
--- a/lib/rodauth/features/internal_request.rb
+++ b/lib/rodauth/features/internal_request.rb
@@ -311,7 +311,7 @@ module Rodauth

       env = {
          'REQUEST_METHOD'=>'POST',
-         'PATH_INFO'=>'/',
+         'PATH_INFO'=>'/'.dup,
          "SCRIPT_NAME" => "",
          "HTTP_HOST" => INVALID_DOMAIN,
          "SERVER_NAME" => INVALID_DOMAIN,