Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
@superposition No, but your second point is more likely.
I’m adding a call to my Recaptcha wrapper within a Devise view and controller. I don’t know what Devise does under the hood, or honestly, even how it works. I avoid Devise like the plague because it’s so magical and difficult to use/debug, and invariably a gigantic pain. So I’m assuming that’s actual cause. Devise is probably catching the post, calling the authentication method defined in our application, and then running its own code which then authenticates the user.
But I don’t know how to go about debugging it, either.
The only experience I have with Devise is a) leaving it alone and avoiding it, and b) ripping it out of several applications because the development cost was lower that way. -
It was fucking Devise.
It’s intercepting the signin POST, authenticating the user, and only then running the signin method our application defines. It also overrides my redirect somehow. It’s treating our signin method like an “after_signin” hook.
So the solution?
Sign the user out, then redirect.
Devise.
Bloody fucking Devise.
What do you do when your redirect doesn’t go where you tell it?
Clearly I’m missing something.
I stepped through the code, following the failure path of Sheogorath’s Recaptcha. It fails as expected, and hits this redirect before doing anything else:
`return redirect_to new_user_session_path`
I verified that this redirects to the “/users/sign_in” path, and it returns so the server doesn’t even try to authenticate the user. It just nopes out as it should to prevent timing attacks.
But somehow instead of doing that and redirecting as it should, it signs the user in and redirects somewhere else entirely: the role select page, which only happens after authenticating an admin user. It never even hits my breakpoint after the recaptcha check! It never authenticates!
I think what I’m missing is my old reality where things made sense.
rant
root wants to go home
sheogorath’s recaptcha