
Having trouble with non-devise controllers

Open • jlhonora opened this issue 9 years ago • 1 comment

Hi, thanks for the awesome lib. This strikes me as a very noob question, but after diving into your code and checking many options I'm filing an issue as a last resort.

The problem I'm having is that some non-devise controllers are passing through the two-factor flow even though they shouldn't. Here's my setup:

head -1 app/controllers/api/base_controller.rb:
class Api::BaseController < ActionController::Base

head -1 app/controllers/application_controller.rb 
class ApplicationController < ActionController::Base

When a test is run through RSpec it fails with the following stack trace:

ERROR -- : undefined method `authenticate?' for nil:NilClass (NoMethodError)
.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/devise-3.4.1/lib/devise/controllers/sign_in_out.rb:10:in `block in signed_in?'
.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/devise-3.4.1/lib/devise/controllers/sign_in_out.rb:9:in `each'
.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/devise-3.4.1/lib/devise/controllers/sign_in_out.rb:9:in `any?'
.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/devise-3.4.1/lib/devise/controllers/sign_in_out.rb:9:in `signed_in?'
.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/two_factor_authentication-1.1.5/lib/two_factor_authentication/controllers/helpers.rb:15:in `block in handle_two_factor_authentication'
.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/two_factor_authentication-1.1.5/lib/two_factor_authentication/controllers/helpers.rb:14:in `each'
.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/two_factor_authentication-1.1.5/lib/two_factor_authentication/controllers/helpers.rb:14:in `any?'
.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/two_factor_authentication-1.1.5/lib/two_factor_authentication/controllers/helpers.rb:14:in `handle_two_factor_authentication'
.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/activesupport-4.1.12/lib/active_support/callbacks.rb:429:in `block in make_lambda'
.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/activesupport-4.1.12/lib/active_support/callbacks.rb:161:in `call'
.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/activesupport-4.1.12/lib/active_support/callbacks.rb:161:in `block in halting'
.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/activesupport-4.1.12/lib/active_support/callbacks.rb:501:in `call'
.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/activesupport-4.1.12/lib/active_support/callbacks.rb:501:in `block in call'
.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/activesupport-4.1.12/lib/active_support/callbacks.rb:501:in `each'
.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/activesupport-4.1.12/lib/active_support/callbacks.rb:501:in `call'
.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/activesupport-4.1.12/lib/active_support/callbacks.rb:86:in `run_callbacks'
.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/actionpack-4.1.12/lib/abstract_controller/callbacks.rb:19:in `process_action'
.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/actionpack-4.1.12/lib/action_controller/metal/rescue.rb:29:in `process_action'
.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/actionpack-4.1.12/lib/action_controller/metal/instrumentation.rb:32:in `block in process_action'
.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/activesupport-4.1.12/lib/active_support/notifications.rb:159:in `block in instrument'
.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/activesupport-4.1.12/lib/active_support/notifications/instrumenter.rb:20:in `instrument'
.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/activesupport-4.1.12/lib/active_support/notifications.rb:159:in `instrument'
.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/actionpack-4.1.12/lib/action_controller/metal/instrumentation.rb:30:in `process_action'
.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/actionpack-4.1.12/lib/action_controller/metal/params_wrapper.rb:250:in `process_action'
.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/activerecord-4.1.12/lib/active_record/railties/controller_runtime.rb:18:in `process_action'
.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/actionpack-4.1.12/lib/abstract_controller/base.rb:136:in `process'
.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/actionview-4.1.12/lib/action_view/rendering.rb:30:in `process'
.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/actionpack-4.1.12/lib/action_controller/test_case.rb:595:in `process'
.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/actionpack-4.1.12/lib/action_controller/test_case.rb:64:in `process'
.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/actionpack-4.1.12/lib/action_controller/test_case.rb:495:in `get'
dev/spec/controllers/api_controller_spec.rb:98:in `block (3 levels) in <top (required)>'

The test goes something like this:

require 'rails_helper'
require 'factory_girl_rails'
require 'securerandom'

RSpec.describe Api::LoginController, :type => :controller do
  context "login" do
    it "logs in" do
      post :authenticate, {username: "...", password: "..."}
      expect(response.status).to eq(200)
    end
  end
end

The reason is that the condition unless devise_controller? in the handle_two_factor_authentication method is positive, so it enters the flow.

Am I doing something wrong? How can I bypass the two-factor validation for non-devise controllers?

Thanks in advance.

jlhonora, Feb 15 '16 19:02

I just added a skip_before_filter :handle_two_factor_authentication. Works fine now, but I was wondering if you have a better option.

jlhonora, Feb 15 '16 19:02
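
An added example for readers of this thread (not from the issue and not the gem's own code): a framework-free Ruby model of the behaviour discussed, where a filter registered on the common base class runs for every controller and a skip on an API base class removes it for that whole subtree. All class names and FakeWarden are hypothetical, and the nil receiver from the stack trace is modelled as a missing Warden object.

```ruby
# Constructed, framework-free model of inherited before-filters.
# Not Rails, Devise or two_factor_authentication code; names are hypothetical.
class ModelController
  class << self
    def added;   @added   ||= []; end
    def skipped; @skipped ||= []; end
    def before_filter(name);      added << name;   end
    def skip_before_filter(name); skipped << name; end

    # Effective chain: parent's chain plus own additions, minus own skips.
    def filters
      parent = superclass.respond_to?(:filters) ? superclass.filters : []
      (parent + added) - skipped
    end
  end

  def initialize(warden = nil)
    @warden = warden
  end

  def devise_controller?
    false
  end

  # Stand-in for the gem's filter: the only guard is devise_controller?.
  def handle_two_factor_authentication
    return if devise_controller?
    @warden.authenticate? # NoMethodError when no Warden object is present
  end

  def process
    self.class.filters.each { |f| send(f) }
    :ok
  end

  before_filter :handle_two_factor_authentication
end

FakeWarden = Struct.new(:signed_in) { def authenticate?; signed_in; end }

class WebController < ModelController; end
class ApiBase < ModelController; end
class ApiLogin < ApiBase; end
class SkippingApiBase < ModelController
  skip_before_filter :handle_two_factor_authentication
end
class SkippingApiLogin < SkippingApiBase; end

# Defender's check: which controllers no longer run the 2FA filter?
def without_two_factor(classes)
  classes.reject { |c| c.filters.include?(:handle_two_factor_authentication) }
end
```

Because a skip on a base class is inherited, a check like without_two_factor is worth keeping in the test suite so that the controllers outside 2FA enforcement form an explicit, reviewed list.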