Token headers are missing when using multiple models and call both current_*

[sebfie]

When posting issues, please include the following information to speed up the troubleshooting process:

• Version: master, commit `fc9ba01d12d6f8b3a2a92f0732213073136dc4d0

Hello, We noted an issue with authentication using the master branch of devise token auth. We noted that response headers didn't return the necessary info, uid and access token.

• We have two models using devise token auth : User and Admin. a user or an admin can authenticate on our API by passing the headers (client, uid, access token)

• For the User model, the devise internal mapping is user, and for the admin admin

• In our ApplicationController we have a method to return of object and depending of current_user or current_admin it returns a différent object, so it calls both current_admin and current_user

• On the same request, if we call both : current_user and current_admin then headers are not set.

From our understanding, it's due to the @resource variable being nil when we are in https://github.com/lynndylanhurley/devise_token_auth/blob/master/app/controllers/devise_token_auth/concerns/set_user_by_token.rb#L98

1. I make a request using Api::Application authenticated headers
2. I call current_admin => It's ok and @resource is set to the corresponding resource
3. Then later on the controller I call current_user => @resource is set to nil
4. Then I call current_admin again => @resource stays to nil
5. Then because @resource is nil, request headers are not set.

We noted that bug after putting in production an upgrade from ruby 2.7 to ruby 3.1, that included a necessary upgrade of this gem from 1.1.5 to master, the difference of the code between the 2 is here: https://github.com/lynndylanhurley/devise_token_auth/compare/c922580..23d6b81 But we could not pin point the cause of the error.

A DEMO APP pointing the issue is here : https://github.com/sebfie/devise_token_auth_multiple_model_issue

You have a readme to reproduce

[sebfie]

@lynndylanhurley Can you have a look ? Thank you !

[jeremylynch]

Is it possible this may solve your issue?

https://stackoverflow.com/questions/36505937/devise-token-auth-with-multiple-models-and-auth-headers

[sebfie]

We found a monkey solution (do not call current_admin if current_user...) but I think it should be fixed in this gem.

[MaicolBen]

@sebfie can you make a PR?

[sebfie]

Hello, i do not know how to fix it!

[sebfie]

@MaicolBen I think it can be great to fix it. Btw I do not know how, sry