New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Documentation on sign_in hooks is incorrect #424
Comments
Thanks, Geoff. I'll take a look sometime this week. Much of the wiki documentation is out of date. I've been considering removing it all and adding back only what is accurate and helpful. |
@derekprior Is there a preferred way of doing a sign-in hook in Rails 4? |
Hmm. I don't have an app in front of me to test right now, but I'm actually surprised that doesn't work. Can you paste the exception and stack trace as well as your code from ApplicationController? I'll have some time to look into this myself tomorrow as well. |
Here's the ApplicationController code. I have the exact same code in a Rails 3.2.17 app and it works fine: ##
# Base controller for application.
##
class ApplicationController < ActionController::Base
include Clearance::Controller
# Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead.
protect_from_forgery with: :exception
private
def default_serializer_options
{root: false}
end
protected
def sign_in(user)
# store current time to display "last signed in at" message
user.update_attribute(:last_signed_in_at, Time.now)
super user
end
end Stacktrace (this is from a test step where I use
|
This actually seems to work for me in my Rails 4.0.4 app. I wonder if it has to do with the fact that your controller controller is namespaced. Does Admin::Passwords controller inherit directly from ApplicationController? |
No, it inherits from a subclass of ApplicationController whose function is to require login. |
@geoffharcourt Have you had any luck with this? I haven't looked into it at all yet, though I was going to try to this weekend. |
No, I haven't. My initial attempt wasn't successful, so if you have the time I'd go ahead. |
I'm still not able to reproduce this, even trying with what I think are similar chains of inheritance and namespaced controllers: class ApplicationController < ActionController::Base
include Clearance::Controller
protect_from_forgery with: :exception
protected
def sign_in(user)
puts "SIGN IN #{user.email}"
super
end
end class BaseController < ApplicationController
before_filter :authorize
end class Admin::PostsController < BaseController
def index
render text: 'admin posts controller'
end
end Clearance.configure do |config|
config.mailer_sender = "reply@example.com"
config.redirect_url = '/admin/posts'
end This all works just fine. I even tried it via a feature spec with the backdoor, like so:
This is now Rails 4.1.4, but way earlier I was also unable to reproduce on 4.0.4. Do you see something that I'm doing that you're not? Are you able to produce a minimal reproduction you could share? |
@derekprior, thanks for taking a look at this. I'm working on a project over the weekend that's due on Monday, but I'll try to build a minimal reproduction to help demonstrate the problem outside of my private app after the weekend. |
@derekprior, I just built a simple app with a Posts controller that inherits from a controller that requires authorization ( Stack trace isn't very useful:
The only thing I can think of is that in my tests I'm not using the backdoor, but rather the before do
Timecop.freeze(Time.utc(2014, 5, 21, 12))
create(:building_user, building: building, user: user)
sign_in_as(user)
end
describe "GET index" do
before { get :index }
it { should respond_with(:redirect) }
it { should redirect_to(today_dashboard_path(building)) }
end If I make I should note that this only produces an error in my app during testing (I had previously abandoned this approach when the test failed). If I sign in to the development environment with an overridden |
@derekprior, wondering if calling |
Yeah, I was thinking about that. I probably won't get a chance to look at On Wed, Sep 17, 2014 at 12:18 PM, Geoff Harcourt notifications@github.com
|
No prob, just wanted to jot that down before I forgot. |
I was overriding `sign_in` in a subclassed controller (ApplicationController was public, but a subclass was used for all pages requiring authentication), and experienced problems during testing where exceptions were being raised by Clearance's testing helpers calling the protected method `#sign_in` on the controller. Changed the `sign_in_as` helper to use `Object#send`, which will not raise no method exceptions if a controller's `#sign_in` method is protected, which as a non-action controller method it should be. Close thoughtbot#424.
@derekprior I was able to reproduce this in a Clearance spec, and resolved it by using |
I updated the wiki per our conversations in #464 |
https://github.com/thoughtbot/clearance/wiki/usage
The suggested override of
ApplicationController#sign_in
produces an exception about calling a protected method onApplicationController
. I think this may solely be an issue in Rails 4, as I was able to use the last signed in example in a Rails 3.2.x application.The text was updated successfully, but these errors were encountered: