Closed davidkrider closed 2 years ago
Just guessing; assuming Devise::TwoFactorAuthenticationController inherits from ApplicationController, and you happen to have the after_action-filter from the Pundit README, then you will get this error because that controller isn't calling authorize anywhere.
One way around this is to skip authorization for all devise controllers, something like this:
class ApplicationController < ActionController::Base
  include Pundit
  after_action :verify_authorized, unless: :devise_controller?
end
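I've "taken the training wheels off" my Pundit setup by adding after_action :verify_authorized to my ApplicationPolicy. I'm using Devise with the two_factor_authentication plugin, and ActiveAdmin. So Devise authentications have now been "absorbed" into the /admin namespace, and the 2-factor controller lives somewhere in the mix. This has been working fine until I forced explicit definitions of policy. Now, when the app tries to serve the page to allow a user to enter the OTP, I get the following error:

There are hints in there about where my policy should go and what it should be named and what model it should apply to, but I've tried a dozen configurations, and I can't seem to sort it out. There are no obvious variables to inspect at the point of the failure to lead me to understand what file path, policy name, and class Pundit is looking for. How should I cover this path with a policy?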
namespace, and the 2-factor controller lives somewhere in the mix. This has been working fine until I forced explicit definitions of policy. Now, when the app tries to serve the page to allow a user to enter the OTP, I get the following error:There are hints in there about where my policy should go and what it should be named and what model it should apply to, but I've tried a dozen configurations, and I can't seem to sort it out. There are no obvious variables to inspect at the point of the failure to lead me to understand what file path, policy name, and class Pundit is looking for. How should I cover this path with a policy?