Merge pull request #5573 from heartcombo/ca/failure-app-respect-redirect

Respect redirect status code when recalling the action
2026-01-08 22:37:57 -05:00 · 2023-03-30 17:29:35 -03:00
parent 367ea42762 89a08357d6
commit 8dbe5b2fe8
3 changed files with 57 additions and 1 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,7 @@
  * Refactor conditional dirty tracking logic to a centralized module to simplify usage throughout the codebase. [#5575](https://github.com/heartcombo/devise/pull/5575)

 * bug fixes
+  * Failure app will respond with configured `redirect_status` instead of `error_status` if the recall app returns a redirect status (300..399) [#5573](https://github.com/heartcombo/devise/pull/5573)
  * Fix frozen string exception in validatable. [#5563](https://github.com/heartcombo/devise/pull/5563) [#5465](https://github.com/heartcombo/devise/pull/5465) [@mameier](https://github.com/mameier)

 ### 4.9.0 - 2023-02-17
--- a/lib/devise/failure_app.rb
+++ b/lib/devise/failure_app.rb
@@ -72,7 +72,9 @@ module Devise

      flash.now[:alert] = i18n_message(:invalid) if is_flashing_format?
      self.response = recall_app(warden_options[:recall]).call(request.env).tap { |response|
-        response[0] = Rack::Utils.status_code(Devise.responder.error_status)
+        response[0] = Rack::Utils.status_code(
+          response[0].in?(300..399) ? Devise.responder.redirect_status : Devise.responder.error_status
+        )
      }
    end

--- a/test/failure_app_test.rb
+++ b/test/failure_app_test.rb
@@ -371,6 +371,59 @@ class FailureTest < ActiveSupport::TestCase
        end
      end
    end
+
+    # TODO: remove conditional/else when supporting only responders 3.1+
+    if ActionController::Responder.respond_to?(:error_status=)
+      test 'respects the configured responder `error_status` for the status code' do
+        swap Devise.responder, error_status: :unprocessable_entity do
+          env = {
+            "warden.options" => { recall: "devise/sessions#new", attempted_path: "/users/sign_in" },
+            "devise.mapping" => Devise.mappings[:user],
+            "warden" => stub_everything
+          }
+          call_failure(env)
+
+          assert_equal 422, @response.first
+          assert_includes @response.third.body, 'Invalid Email or password.'
+        end
+      end
+
+      test 'respects the configured responder `redirect_status` if the recall app returns a redirect status code' do
+        swap Devise.responder, redirect_status: :see_other do
+          env = {
+            "warden.options" => { recall: "devise/registrations#cancel", attempted_path: "/users/cancel" },
+            "devise.mapping" => Devise.mappings[:user],
+            "warden" => stub_everything
+          }
+          call_failure(env)
+
+          assert_equal 303, @response.first
+        end
+      end
+    else
+      test 'uses default hardcoded responder `error_status` for the status code since responders version does not support configuring it' do
+        env = {
+          "warden.options" => { recall: "devise/sessions#new", attempted_path: "/users/sign_in" },
+          "devise.mapping" => Devise.mappings[:user],
+          "warden" => stub_everything
+        }
+        call_failure(env)
+
+        assert_equal 200, @response.first
+        assert_includes @response.third.body, 'Invalid Email or password.'
+      end
+
+      test 'users default hardcoded responder `redirect_status` for the status code since responders version does not support configuring it' do
+        env = {
+          "warden.options" => { recall: "devise/registrations#cancel", attempted_path: "/users/cancel" },
+          "devise.mapping" => Devise.mappings[:user],
+          "warden" => stub_everything
+        }
+        call_failure(env)
+
+        assert_equal 302, @response.first
+      end
+    end
  end

  context "Lazy loading" do