[Bug fix] Redirect EnsureAuthenticatedLinks to login page if shop domain not found #1158
Conversation
NabeelAhsen
force-pushed
the
NabeelAhsen/fix-non-embedded-state-of-EnsureAuthenticatedConcern
branch
from
89cfb2b
to
6c5a46e
Compare
NabeelAhsen
changed the title
There was a problem hiding this comment.
This makes sense to me, but I'm curious about why we don't want to raise anything here? Would we want to communicate to the app user that some information was missing or that something went wrong? Or is the scenario simply a "you need to actually log in to do that" in which case landing on the login page is enough?
I think the message that is being conveyed here is:
With the current implementation, app developers see a nasty rails error thrown. The likely move in this scenario would be to (almost always?) go login and get the app into an embedded state. The Edit: I'm still on the fence on whether hiding this error message is the right call or not, but rescuing it here is more consistent with the experience users had in the world of cookies. |
…reAuthenticatedConcern
Those are all good points. If we're not sure if this is the right behaviour, would it make sense to log this, so we have some means of keeping track of it? |
The behaviour I'm proposing in this PR is actually mirrored here under a slightly different context: There is work underway that aims to add deliberate observability (and logging) to this gem. I'm tempted to defer the decision to log anything here until we can inventory the circumstances for redirects; this includes stale sessions, cookie dependencies, and expired tokens. What are your thoughts on this? |
|
That sounds sensible to me. I would advocate for adding the logging ahead of the bigger refactoring only if this is a risky scenario where we could break apps. Since this is a very specific case and every condition points to there not being a session it is probably safe to defer it. That being said, I would definitely flag this as a case to consider. IMHO no error should go away silently, but this has a user-facing result (of redirecting to login) and thus is detectable (and reportable) by end users if they see it happening. |
On second thought, you've convinced me that it's probably worth adding logging now rather than deferring it. It would help partners navigate this behaviour if it's something they did not expect by switching to session tokens. Thank you for the thorough review! |
NabeelAhsen
force-pushed
the
NabeelAhsen/fix-non-embedded-state-of-EnsureAuthenticatedConcern
branch
from
c9d1414
to
551fff6
Compare
NabeelAhsen
deleted the
NabeelAhsen/fix-non-embedded-state-of-EnsureAuthenticatedConcern
branch
In a world without cookies, an embedded app needs to handle attempted access to protected resources both in an embedded and non-embedded state. This PR fixes the scenario where
ShopifyApp::LoginProtection::ShopifyDomainNotFoundis raised when:shopdomain)In this scenario, rather than raise an exception, we should redirect to the app's
login_url.Before submitting the PR, please consider if any of the following are needed:
CHANGELOG.mdif the changes would impact usersREADME.md, if appropriate.docs/, if necessary