fix: Fixes 9012 Cancelling Google OAuth signup redirects user to /auth/sign_in (#9022)

Overriding new_user_session action to avoid rendering error directly in webpage

app/controllers/devise_overrides/sessions_controller.rb

@@ -4,6 +4,10 @@ class DeviseOverrides::SessionsController < DeviseTokenAuth::SessionsController
   wrap_parameters format: []
   before_action :process_sso_auth_token, only: [:create]
 
+  def new
+    redirect_to login_page_url(error: 'access-denied')
+  end
+
   def create
     # Authenticate user via the temporary sso auth token
     if params[:sso_auth_token].present? && @resource.present?
@@ -21,6 +25,12 @@ class DeviseOverrides::SessionsController < DeviseTokenAuth::SessionsController
 
   private
 
+  def login_page_url(error: nil)
+    frontend_url = ENV.fetch('FRONTEND_URL', nil)
+
+    "#{frontend_url}/app/login?error=#{error}"
+  end
+
   def authenticate_resource_with_sso_token
     @token = @resource.create_token
     @resource.save!

spec/controllers/devise/session_controller_spec.rb

@@ -74,4 +74,12 @@ RSpec.describe 'Session', type: :request do
       end
     end
   end
+
+  describe 'GET /auth/sign_in' do
+    it 'redirects to the frontend login page with error' do
+      get new_user_session_url
+
+      expect(response).to redirect_to(%r{/app/login\?error=access-denied$})
+    end
+  end
 end