You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When there is no any invalid format, require_no_authentication method redirects to a after_sign_in_path(resource), but if any invalid format is manually added, require_no_authentication returns nil. But for sign_in page, if any invalid format is added, server responds with "406 Not Acceptable" and page is not displayed.
The logic is that user can access reset password page when he is logged in by adding invalid format to the url(described above). If there is no any invalid format, user is redirected with flash "you are already signed in"
Ruby version: ruby 2.1.2p95 (2014-05-08 revision 45877) [x86_64-darwin13.0]
Rails version: Rails 3.2.21
Devise version: 3.4.1
Steps to reproduce.
When there is no any invalid format,
require_no_authentication
method redirects to aafter_sign_in_path(resource)
, but if any invalid format is manually added,require_no_authentication
returns nil. But for sign_in page, if any invalid format is added, server responds with "406 Not Acceptable" and page is not displayed.Here is github repo with sample app: https://github.com/EnotPoloskun/devise-bug
The text was updated successfully, but these errors were encountered: