
I'm currently handling 422 errors (an invalid auth token was passed to Rails) and I currently redirect the user to a separate page. This works well, but what I've discovered is that if a user logs in and hits a 422 error during that login request, the user goes to the separate page AND is now logged in. Ideally I want the user to not be logged in.

I currently use Devise (3.4.1) for authentication. No custom code has been written outside of the code written below.

How do I prevent the user from logging in when they hit a 422 error and not be logged in?

```ruby
class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception

  # This method is called whenever a CSRF token is invalid.
  def handle_unverified_request
    # By default this method raises ActionController::InvalidAuthenticityToken
    redirect_to '/422'
  end
end
```
thank_you
  • Rails does not have built-in functionality for authentication. Please provide more information on how you're handling this, whether it's a gem or custom implementation. – coreyward Dec 30 '16 at 18:58
  • Updated my answer. Btw I use Devise for authentication. – thank_you Dec 30 '16 at 19:00

1 Answer

Try this

```ruby
def handle_unverified_request
  super # call the default behaviour, including Devise override
  authenticate_user!
end
```
Ajay Barot
  • I played around with that when I realized Devise overrides the method. The problem is that I receive the following error `ActionController::InvalidAuthenticityToken` which occurs from calling `super`. – thank_you Dec 30 '16 at 20:00