devise
devise copied to clipboard
heartcombo
fix: add status codes to redirects and failure app
-
Adds 303 (see_other) status codes to redirects
-
Adds a 401 status code when Warden fails to authenticate.
-
This does not directly allow Turbo streams, but does allow other solutions to hook into status codes to handle responses properly via Ajax. (Things like Mrujs or Request.js)
Additional notes
totally open to discussion on this. This arised from a personal fork I was using and am happy to close the PR should another solution arise.
This new behavior needs to be configurable, but default. Can you work towards that direction?
@rafaelfranca I'll see about making a configurable status code. I previously tweeted about Devise + Warden authentication failures and @carlosantoniodasilva seemed apprehensive about the "failure_app" here. With its state, it can be configured to return a 401 or 200 (current behavior).
Do you think the failure_app as is should be left in with a configurable status code? Or leave it to a user to custom configure their own "failure_app" with a 401 status code?
I havent added it to the generators yet nor added tests, but I reworked this PR so it does not add the "redirect_status_code" to "POST" requests since its not needed. It may be confusing since its not applied everywhere, but this is the change that enables the ability to use "fetch" requests with Devise.
So, if I understand correctly, I could add this to my initializer:
Devise.setup do |config|
config.redirect_status_code = 303
config.failure_status_code = 422
config.authentication_failure_status_code = 401
end
And suddenly, all of the problems that we have to come up with hacky workarounds for go away?
Magic. Lighting all of my black candles for this one.
The main branch should contain all that's necessary for fully working with Turbo now, based on the changes here and a few others. A new version will be released soon, but feel free to test it out from the main branch in the meantime, and report back on any issues. Thanks.
