
I'm facing a strange bug when I follow the confirmation link from a Devise email. The link is correct:

.../ru/users/confirmation?confirmation_token=yDNePwDTbxBzy5PqZE1e

However in server log I get:

Started GET "/ru/users/confirmation?confirmation_token=yDNePwDTbxBzy5PqZE1e?confirmation_token=yDNePwDTbxBzy5PqZE1e"

As you can see, it is mentioned twice. For this reason I can't confirm the email.

The strangest thing is that it works in webrick, and I only see this issue in production (which happens to be nginx + passenger).

It might be the problem with my setup. I'm using Rails v4, and Devise v3. I re-wrote default devise confirmation#edit controller, and a couple of others, since I wanted to implement "sign-up by email" strategy, and also use ldap_authenticatable model instead of database_authenticatable. I also patched ldap_authenticatable to support multiple LDAPs. But even so -- can you point me where I should look to dig into my issue?

Edit

Middleware: production environment is 4 entries shorter:

  • production

      $ RAILS_ENV=production bundle exec rake middleware 
      use Rack::Sendfile 
      use Rack::Lock 
      use Rack::Runtime 
      use Rack::MethodOverride 
      use ActionDispatch::RequestId 
      use Rails::Rack::Logger 
      use ActionDispatch::ShowExceptions 
      use ActionDispatch::DebugExceptions 
      use ActionDispatch::RemoteIp 
      use ActionDispatch::Callbacks 
      use ActiveRecord::ConnectionAdapters::ConnectionManagement 
      use ActiveRecord::QueryCache 
      use ActionDispatch::Cookies 
      use ActionDispatch::Session::CookieStore 
      use ActionDispatch::Flash
      use ActionDispatch::ParamsParser
      use Rack::Head
      use Rack::ConditionalGet
      use Rack::ETag
      use Warden::Manager
      run Login::Application.routes
    
  • development:

      $ RAILS_ENV=development bundle exec rake middleware
      use Rack::Sendfile
    + use ActionDispatch::Static
      use Rack::Lock
      use Rack::Runtime
      use Rack::MethodOverride
      use ActionDispatch::RequestId
      use Rails::Rack::Logger
      use ActionDispatch::ShowExceptions
    + use WebConsole::Middleware
      use ActionDispatch::DebugExceptions
      use ActionDispatch::RemoteIp
    + use ActionDispatch::Reloader
      use ActionDispatch::Callbacks
    + use ActiveRecord::Migration::CheckPending
      use ActiveRecord::ConnectionAdapters::ConnectionManagement
      use ActiveRecord::QueryCache
      use ActionDispatch::Cookies
      use ActionDispatch::Session::CookieStore
      use ActionDispatch::Flash
      use ActionDispatch::ParamsParser
      use Rack::Head
      use Rack::ConditionalGet
      use Rack::ETag
      use Warden::Manager
      run Login::Application.routes
    

Edit 2

I found out what the reason was: the link in the email was http. If I change that to https -- it works. So one just has to add

 config.action_mailer.default_url_options = {:protocol => 'https'}

in config/environments/production.rb and it works (on web-server restart). source

Adobe
  • Could the link itself be malformed? Have you overridden the mailer view? – max Feb 04 '16 at 10:29
  • @max: I only added localization to the email. As far as I can see the link in the email I get from devise is correct. However I overrode the confirmation view. I store the confirmation token in the hidden field tag in order to pass it to the post request. In my confirmation view the user picks a password, and if @user.error.empty? I find the user by the token I get from the hidden field and update him in the ldap. – Adobe Feb 04 '16 at 10:58
  • The only thing which is really relevant here is the view which creates the email body and/or the helper method that creates the confirmation URL. Whatever client you're opening it up with obviously does not like the link at all since it interprets it as a malformed URL. URLs are not supposed to have more than one query delimiter `?`. Remember here that the request URL is printed to the log long before the request hits your rails controllers so any devise overrides have not been started. It's pretty unlikely that you have been able to fudge the middleware up to rewrite the request URL either. – max Feb 04 '16 at 11:12
  • @max: looks like it is someone in the middle: I just tried to visit `http://my.site.ru/ru/users/confirmation?confirmation_token=test` and I got `Started GET "/ru/users/confirmation?confirmation_token=test?confirmation_token=test"` in the server logs. This proves that the link in the email is correct. – Adobe Feb 04 '16 at 11:18
  • That's very strange. You can use `rake middleware` to get a list of the middleware in your stack. – max Feb 04 '16 at 11:20
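
An added example, not part of the original post or its comments: a Ruby script that parses request lines like the ones quoted in the question and shows the value a form decoder yields for `confirmation_token` when the query string is repeated after a second `?`. The sample log lines are constructed, the helper names are hypothetical, and `URI.decode_www_form` is assumed to split the query the same way the application's own parser does.

```ruby
require "uri"

# Constructed sample log lines, modelled on the ones quoted in the question.
SAMPLE_LOG = <<~LOG
  Started GET "/ru/users/confirmation?confirmation_token=test?confirmation_token=test"
  Started GET "/ru/users/confirmation?confirmation_token=test"
  Started GET "/ru/users/sign_in"
LOG

# Pulls the request target out of a Rails "Started GET" log line (nil if absent).
def request_target(line)
  line[/\AStarted [A-Z]+ "([^"]*)"/, 1]
end

# Describes one request target (hypothetical helper):
#   :params     - query parameters as a form decoder splits them
#   :malformed  - true when the query contains a second "?" delimiter
#   :duplicated - true when the query is the same string repeated after that "?"
def inspect_target(target)
  _path, _sep, query = target.partition("?") # only the first "?" starts the query
  first, sep, rest = query.partition("?")
  {
    params: URI.decode_www_form(query).to_h,
    malformed: !sep.empty?,
    duplicated: !sep.empty? && first == rest
  }
end

# Scans a log and returns [target, report] pairs for malformed requests only.
def malformed_requests(log)
  log.each_line.filter_map do |line|
    target = request_target(line)
    next unless target

    report = inspect_target(target)
    [target, report] if report[:malformed]
  end
end

if __FILE__ == $PROGRAM_NAME
  malformed_requests(SAMPLE_LOG).each do |target, report|
    token = report[:params]["confirmation_token"]
    puts "#{target}\n  token value after decoding: #{token.inspect}"
  end
end
```

The decoded token for the doubled request is the whole tail `test?confirmation_token=test`, not `test`, so a lookup by that value cannot match the token stored for the user.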

0 Answers