Warden::Strategies::Base#authenticate! documentation is ambiguous #203
Comments
ghost
mentioned this issue
Apr 12, 2022
See also betterup/devise-doorkeeper#56
@alan-pie were you able to find the solution for this issue?
No, unfortunately not. Both projects seem dead.
Warden is stable. I wouldn't mistake that for dead. If we have a test case that proves a change will not break downstream dependencies, we will take the patch.
If I could get an answer to the question in the original post I would be
happy to contribute a patch.
Note that if there is a bug people are depending on, as this may be, then
downstream breaks are necessary. A new major version would be desired.
…On Fri, Oct 14, 2022, 10:46 PM Justin Smestad ***@***.***> wrote:
Warden is stable. I wouldn't mistake that for dead. If we have a test case
that proves a change will not break downstream dependencies, we will take
the patch.
There is an issue with the devise-doorkeeper gem that causes the warden.authenticate call to throw when an invalid token is passed.

Devise::Controllers::Helpers#user_signed_in? calls Warden::Proxy#authenticate which ultimately calls Devise::Doorkeeper::Strategies::Doorkeeper#authenticate! which throws if a given token is invalid.

I believe the intent behind user_signed_in? and the Warden::Proxy#authenticate are to be passive auth checks and should not throw. I'm not sure if this is a problem with the implementation of the Strategy or with the implementation of Warden::Proxy#run_strategies_for. I notice that the Strategies wiki does not mention using throw :warden but the Failures wiki does. The documentation on Warden::Strategies::Base is ambiguous.

Does Warden expect that a Strategy's authenticate! method should throw in this case? If it does expect that, shouldn't authenticate handle that to ensure the check is passive? If not, I can update the documentation.
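
The two ways of signalling failure that the post contrasts (recording a failure on the strategy versus `throw :warden`), as an added example that is not part of the original issue and is not Warden's or devise-doorkeeper's code. Every name here (`ToyStrategy`, `passive_authenticate`, `run_request`) and the token value are constructed stand-ins, and the model assumes the only `catch(:warden)` sits in the outermost request layer.

```ruby
# Simplified stand-in model (constructed for illustration; all names are
# hypothetical and this is not Warden's or devise-doorkeeper's code).
class ToyStrategy
  attr_reader :result, :user

  def initialize(token)
    @token = token
  end

  def fail!(_message)
    @result = :failure
  end

  def success!(user)
    @result = :success
    @user = user
  end
end

# Records the failure on the strategy object and returns normally.
class RecordingStrategy < ToyStrategy
  def authenticate!
    @token == "valid-token" ? success!("alice") : fail!("invalid token")
  end
end

# Signals failure with a non-local exit, as the strategy in the post is described.
class ThrowingStrategy < ToyStrategy
  def authenticate!
    throw :warden, { message: "invalid token" } unless @token == "valid-token"
    success!("alice")
  end
end

# Passive check: returns the user or nil and has no catch(:warden) of its own.
def passive_authenticate(strategy)
  strategy.authenticate!
  strategy.user
end

# Outermost layer (assumed to hold the only catch). Reports whether the code
# after the passive check ever ran.
def run_request(strategy_class, token)
  reached_app = false
  outcome = catch(:warden) do
    user = passive_authenticate(strategy_class.new(token))
    reached_app = true
    { user: user }
  end
  outcome.merge(reached_app: reached_app)
end
```

With an invalid token, the recording strategy lets the passive check return nil and the caller continues, while the throwing strategy unwinds past the passive check so the caller's code after it never runs.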