Add an option 'use_redirect_back_or_to_by_rails' to avoid definition conflicts of redirect_back_or_to
#373
Conversation
atolix
force-pushed
the
rails-7-redirect-back-or-to-fix
branch
from
ce4db7e to
14be051
Compare
lib/sorcery/controller.rb
Outdated
| if Config.use_redirect_back_or_to_by_rails | ||
| super | ||
| else | ||
| warn('[WARNING] `redirect_back_or_to` overrides the method of the same name defined in Rails 7. If you want to avoid overriding, you can set `config.use_redirect_back_or_to_by_rails = true` and use `redirect_to_before_login_path`.') |
There was a problem hiding this comment.
Since it is desirable for this setting to default to true in the future, I would like to add that "in a future version, config.use_redirect_back_or_to_by_rails = true will become the default."
There was a problem hiding this comment.
I have changed the message in 8ebe075
atolix
force-pushed
the
rails-7-redirect-back-or-to-fix
branch
2 times, most recently
from
f2106da to
7a494fc
Compare
|
@joshbuker As far as I have reviewed, I think the implementation is fine, but I'm not sure if the comments and other texts are clear. Could you please review them? |
There was a problem hiding this comment.
I've reviewed your PR again.
Could you please change the comment to use redirect_to_before_login_path instead of redirect_back_or_to in the initializer file ( https://github.com/sorcery/sorcery/blob/b3e7793e44ff649938302c9fd9bdb493179af06c/lib/generators/sorcery/templates/initializer.rb#L19 )?
Also, in the test dummy application's controller ( https://github.com/sorcery/sorcery/blob/b3e7793e44ff649938302c9fd9bdb493179af06c/spec/rails_app/app/controllers/sorcery_controller.rb ), redirect_back_or_to is used in actions other than test_return_to (which is used by your new test code). Please update these other actions to use redirect_to_before_login_path.
atolix
force-pushed
the
rails-7-redirect-back-or-to-fix
branch
from
7a494fc to
0862950
Compare
|
@willnet
fixed in d78f5fe
fixed in 3077b41 |
|
@brendon I think the implementation in this PR is fine, but I’m not confident about the English wording or the method names. If anything looks off, please point it out. |
|
Just on holiday at the moment but will look at this next week hopefully :) |
|
This is an interesting approach. Is the idea that you'll allow a time period where using this overridden method issues a warning, and then at some time in the near future you change the default behaviour? Will people notice the warning in their logs? Have you considered just signalling a breaking release version bump and changing the behaviour? Given new releases of sorcery aren't very frequent it might just be better to whip the band-aid off in one go? |
|
Thanks for the feedback. Just to clarify, are you suggesting removing Sorcery’s own Either way, I agree with simplifying it. Since it would be a breaking change, I just want to confirm that this is acceptable to move forward with. |
|
Yes I think it makes sense to remove the custom I haven't checked, but I assume the purpose of both methods is the same? or is there more nuance to the Sorcery version? |
|
I support the approach in this PR to first show a warning. Sorcery’s redirect_back_or_to prioritizes redirecting to the URL the user tried to access while not logged in (when that URL requires authentication). sorcery/lib/sorcery/controller.rb Lines 99 to 102 in 301ada9 Rails’ redirect_back_or_to prioritizes redirecting to the referrer URL. If we switch from the Sorcery version to the Rails version all at once with no migration period, their argument signatures are almost the same, so no exception will be raised and Sorcery users might not notice. However, the application behavior will change. Even if we log a message as in the current implementation of this PR, people might miss the logs, but it’s still better than switching abruptly. To ensure users notice this breaking change, we could consider raising an exception in the version after the one that includes this PR when redirect_back_or_to is used without
Once this PR and #351 are resolved, I’d like to discuss releasing the next version with @joshbuker . If I can get release permissions, I’d like to release more frequently than we do now. |
|
Ok, that sounds good. Should we look at raising a rails deprecation warning instead of a straight Ruby warning using |
|
Since Sorcery now supports Rails 7.1 and above, we can use Rails.application.deprecators. I think that’s a great idea. |
Excellent. @atolix, would you be ok with switching to that? |
|
CI failed on Rails 7.2 or above with the following error:
I switched to ActiveSupport.deprecator.warn, which works fine on Rails 7.1+ and follows the latest Rails deprecation interface. |
…ue will become the default
Replaced all existing `redirect_back_or_to` calls with `redirect_to_before_login_path`, and added a dedicated method for testing the updated behavior of `redirect_back_or_to`
…ation message Using Rails' deprecation mechanism makes the warning more visible for users who run with `config.active_support.deprecation = :raise`.
atolix
force-pushed
the
rails-7-redirect-back-or-to-fix
branch
from
d9a4da2 to
8544109
Compare
Thanks for that :) Just one more worry from me. Will it be a problem having the deprecator stored as a class variable? Could this potentially cause problems with threading? That's out of my field of expertise but I'm always wary of class variables. It might be better to just initialise the deprecator locally when needed. @willnet? |
|
I found this article: https://blog.saeloun.com/2024/11/19/rails-7-1-adds-application-deprecators-method/ They seem to store their deprecators globally so maybe it's ok :) |
|
As shown in the Rails documentation, could you add deprecators like the following inside https://api.rubyonrails.org/classes/ActiveSupport/Deprecation.html By doing this, the overall settings like the following will also apply to Sorcery’s deprecator. config.active_support.deprecation = :raise |
@brendon You need to be careful when dealing with global values like class instance variables, but it’s fine as long as they aren’t modified by multiple threads at the same time. Settings like the deprecator are created during initialization and aren’t changed concurrently, so it should be safe. It seems that each Rails component also uses class instance variables to keep their own deprecator. https://github.com/rails/rails/blob/252ee6c6b846c6ce4a82528d03c2bd6d89c7a0fa/actionpack/lib/abstract_controller/deprecator.rb#L7-L7 |
Thanks @willnet, that makes sense :) |
|
I’ve added a test in 1c92b27 |
|
@atolix Thank you for your contributions! |
3 participants
Fix: #296
Rails 7 released a new method called
redirect_back_or_toas a replacement forredirect_back. That may conflicts with the method by the same name defined by Sorcery.This commit adds an option to set whether to use
redirect_back_or_todefined by Rails 7, and add a methodredirect_to_before_login_pathas an alternative to sorcery's `redirect_back_or_to.ref: rails/rails#40671
Please ensure your pull request includes the following: