Rails 7.1.0 update leads to no warden strategies being found ?

[jwoodrow]

Environment

• Ruby 3.2.2
• Rails 7.1.0
• Devise 4.9.2 & main branch

Current behavior

I was trying to upgrade our rails app to Rails 7.1.0 and now when I try to access a page requiring authentication I get a RuntimeError Invalid strategy trackable on a model that has nothing to do with the one being require for that specific page (Admin for our admin panel and User for our frontend).

Commenting out the devise :database_authenticatable, :confirmable, :registerable, :recoverable, :trackable, :validatable in the User model then makes the same error appear but this time for Admin and commenting out the device :trackable in that model then leads to a undefined method 'authentication_keys' for Admin:Class (which kind of makes sense after removing basically both devise calls on both models)

I don't know if this is specifically related to Rails 7.1.0 but for extra context we also do have 3 custom strategies setup but they don't seem to be causing any interference.

The error occurs here Warden::Proxy#_fetch_strategy

and if I use better_errors to print out the value for @strategies I get this as a result {:user=>{}} almost as if no strategies at all existed

Expected behavior

Arrive on the login page with no errors

[gagoit]

I also faced to this issue, and I saw that came from this change. The hash#deep_merge has been changed behavior:

• In rails 7.0.8
  

• In rails 7.1.0
  

So when we use Devise.with_options with multiple blocks inside (for adding multiple modules), the options that passed to each module has been merged, that make the Devise::STRATEGIES has been changed in-correctly => warden has failed to load the incorrect strategies

NOTE:

• In rails 7.0.8, the Devise::STRATEGIES won't include trackable, timeoutable, lockable...
• In rails 7.1.0, the Devise::STRATEGIES will include trackable, timeoutable, lockable...

[carlosantoniodasilva]

@gagoit I'm not able to replicate this on a brand new 7.1 app:

I'm still looking, it's possible something fundamental has changed somewhere, but wanted to mention the above in case I'm missing something from your example. Thanks.

[gagoit]

@carlosantoniodasilva Thanks for your info.
I've checked the other gems in my project, and saw it's related to the config gem (more details here rails/rails#49457 and rubyconfig/config#342).

Summary:
Config gem uses deep_merge and DeepMerge's Hash monkey patch is not compatible with Rails 7.1 (see rails/rails#49457).
=> that make the behavior of deep_merge is changed in my project
=> Devise.with_options doesn't work correctly.

Sorry for making you confuse.

[carlosantoniodasilva]

@gagoit thanks for the feedback, glad to know the issue is elsewhere :)

@jwoodrow are you also using the same config gem? It sounds like this could be the culprit.

I tested a brand new app with devise (using this newly created 4-stable branch which contains tweaks for Rails 7.1), and everything appears to be working. If anyone would like to give that a try, let me know if you run into any issues.

[jwoodrow]

@carlosantoniodasilva We are indeed using the config gem, guessing the culprit must be there. Thanks to both of you for looking into this and finding the culprit. Now the question for me is, do I truly still need this gem :D

[carlosantoniodasilva]

Thanks for reporting back. I'll consider this one as closed then for now, but please report back if you run into anything else.

[saxxi]

Thanks for the heads up, for other users:

In order to update rails from 7.0 to 7.1 I had to manually upgrade config gem (from 4.1 to 5.1 in my case) which stopped the error Invalid strategy trackable (was giving error for all strategies, not just trackable).