2.1.1 has broken several of my apps functional tests (fine with 2.1.0, and identical app code).
The tests check that a logged in user can't access another users records. The controller tries to access the record by id for the user, gets ActiveRecord::RecordNotFound, then redirects the user to the home page, and displays a notice.
With 2.1.1, this still happens ok when I manually try it in the browser, but in my functional tests, I'm now redirected to the sign in page (new_user_session_path) instead, and no notice is shown.
Perhaps related top 2.1.1 change "Redirect to sign in page when trying to access password#edit without a token" ?
Using rails 3.2.6, and ruby 1.9.3.
Thanks for reporting. The change you mention only affects the reset password page. Are you using a custom Devise strategy (or a Devise plugin)?
Another possible option, can you confirm forgery check is disabled in your test environment:
config.action_controller.allow_forgery_protection = false
Ah, if you are inheriting from Devise::PasswordsController to add custom behavior, it may also cause the issue.
I'm not even sure what a custom devise strategy is. I don't use any devise plugins. I only customize the devise views.
I already have allow_forgery_protection = false for test.
allow_forgery_protection = false
I don't override Devise::PasswordsController`.
Can you provide more information to reproduce? Maybe isolating it in an application? I have run it in my apps, but it works fine. Thanks.
I've run into the same issue. I wrote a devise unit test to reproduce.
test "does not redirect with valid user after failed first attempt" do
user = create_user
I added that to the test/test_helpers_test.rb. It fails on 2.1.2 but passes on 2.1.0.
Fix issue #1928, thanks to @ejfinneran for a test case
This issue has been fixed in master. It was a regression introduced by warden but that's now fixed. Could you guys please try Devise master out and let me know how it goes? Thanks for reporting and thansk to @ejfinneran for providing a test case!
Yes, it's fixed. Thanks.
That's fixed it for me - thanks.