From 9013450e00fd9f7fae7aefaf3d987beac5c56d99 Mon Sep 17 00:00:00 2001
From: Red
Date: Wed, 10 Apr 2024 15:42:48 +0900
Subject: [PATCH] fix: Fixes 9012 Cancelling Google OAuth signup redirects user to `/auth/sign_in` (#9022)

Overriding new_user_session action to avoid rendering error directly in webpage
---
 .../devise_overrides/sessions_controller.rb | 10 ++++++++++
 spec/controllers/devise/session_controller_spec.rb | 8 ++++++++
 2 files changed, 18 insertions(+)

diff --git a/app/controllers/devise_overrides/sessions_controller.rb b/app/controllers/devise_overrides/sessions_controller.rb
index e623e52f7..fc7b12767 100644
--- a/app/controllers/devise_overrides/sessions_controller.rb
+++ b/app/controllers/devise_overrides/sessions_controller.rb
@@ -4,6 +4,10 @@ class DeviseOverrides::SessionsController < DeviseTokenAuth::SessionsController
 wrap_parameters format: []
 before_action :process_sso_auth_token, only: [:create]
 
+ def new
+ redirect_to login_page_url(error: 'access-denied')
+ end
+
 def create
 # Authenticate user via the temporary sso auth token
 if params[:sso_auth_token].present? && @resource.present?
@@ -21,6 +25,12 @@ class DeviseOverrides::SessionsController < DeviseTokenAuth::SessionsController
 
 private
 
+ def login_page_url(error: nil)
+ frontend_url = ENV.fetch('FRONTEND_URL', nil)
+
+ "#{frontend_url}/app/login?error=#{error}"
+ end
+
 def authenticate_resource_with_sso_token
 @token = @resource.create_token
 @resource.save!
diff --git a/spec/controllers/devise/session_controller_spec.rb b/spec/controllers/devise/session_controller_spec.rb
index d856e0ebf..42f8b8bd8 100644
--- a/spec/controllers/devise/session_controller_spec.rb
+++ b/spec/controllers/devise/session_controller_spec.rb
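Review bot: The `new` action added in the first sessions_controller.rb hunk redirects to a URL built from `FRONTEND_URL`, which may sit on a different host than the API, and nothing on the call says that a cross-host redirect is intended. If the application enables `config.action_controller.raise_on_open_redirects` (not visible in this patch), the call raises instead of redirecting unless it is written as `redirect_to login_page_url(error: 'access-denied'), allow_other_host: true`. Opting in is reasonable here because the target comes from deployment configuration, not from request input. The action also lacks a comment recording why every GET on this route reports `access-denied`; something like `# Reached when an OAuth signup is cancelled; send the browser to the frontend login page instead of rendering the error here` would do. The class body starts and continues outside the hunk.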
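Review bot: `login_page_url`, added in the second sessions_controller.rb hunk, interpolates `error` into the query string without URL-encoding it, so the helper is only safe while every caller passes a fixed literal, as `new` does today. Encoding where the URL is built keeps it safe if a later caller passes a message or a request-derived value: `"#{frontend_url}/app/login?#{{ error: error }.to_query}"`. Separately, `ENV.fetch('FRONTEND_URL', nil)` silently produces a host-relative `/app/login` URL when the variable is unset. If that fallback is intended, a comment should say so; otherwise `ENV.fetch('FRONTEND_URL')` makes the misconfiguration visible.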
@@ -74,4 +74,12 @@ RSpec.describe 'Session', type: :request do
 end
 end
 end
+
+ describe 'GET /auth/sign_in' do
+ it 'redirects to the frontend login page with error' do
+ get new_user_session_url
+
+ expect(response).to redirect_to(%r{/app/login\?error=access-denied$})
+ end
+ end
 end
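Review bot: The matcher in the new example checks only the tail of the redirect location, so the spec passes whatever scheme and host the controller prepends, including none when `FRONTEND_URL` is unset. Since the redirect target is the behaviour under test, assert the whole URL: `expect(response).to redirect_to("#{ENV.fetch('FRONTEND_URL', nil)}/app/login?error=access-denied")`. If the regex form is kept, anchor it with `\z` rather than `$`, because `$` also matches before a newline and is a weaker end-of-string check.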