Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

remember_me module raises 'undefined method' error if no SSL. #273

Open
kevin-smartpatients opened this issue Mar 9, 2021 · 3 comments
Open

remember_me module raises 'undefined method' error if no SSL. #273

kevin-smartpatients opened this issue Mar 9, 2021 · 3 comments
Labels
bug Something isn't working to be implemented in v1 This issue or pull request will be resolved in the v1 rework, but has not yet been completed.

Comments

@kevin-smartpatients
Copy link
Contributor

Configuration

  • Sorcery Version: 0.16.0
  • Ruby Version: ruby-2.6.6
  • Framework: Rails 6.0.3.5
  • Platform: MacOS

Expected Behavior

I just turned enabled remember_me. I don't expect it to work on localhost without SSL but it shouldn't blow up.

Actual Behavior

With the remember_me module enabled, if you check to see if the user is logged_in?, this code in the remember_me module raises an error undefined method 'signed' for nil:NilClass because signed cookies are not available unless you are using SSL.

# remember_me.rb
def login_from_cookie
  user = cookies.signed[:remember_me_token] &&  … if defined? cookies
  (…)
end

Steps to Reproduce

# sorcery.rb
Rails.application.config.sorcery.submodules = [:reset_password, :session_timeout, :remember_me]

# my code in a controller action
  def show
    puts 'hello' if logged_in?
  end

This workaround fixes it for me:

# application_controller.rb
  def login_from_cookie
    super if request.ssl?
  end

It's an easy fix and I can submit a PR with a test if it's useful.
The check for cookies needs to check whether cookies is nil.

# remember_me.rb line 62
user = cookies.signed[:remember_me_token] (…) if defined?(cookies) && cookies
@joshbuker
Copy link
Member

@kevin-smartpatients Looks like a simple enough fix! Opening a PR would be appreciated. 😃

@joshbuker joshbuker added the bug Something isn't working label Mar 9, 2021
@joshbuker joshbuker added the to be implemented in v1 This issue or pull request will be resolved in the v1 rework, but has not yet been completed. label Jun 5, 2021
@joshbuker
Copy link
Member

Presumably this is only an issue when testing locally, as you should always be using HTTPS in production. Still worth looking into and address though.

@kevin-smartpatients
Copy link
Contributor Author

kevin-smartpatients commented Jun 5, 2021 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working to be implemented in v1 This issue or pull request will be resolved in the v1 rework, but has not yet been completed.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@joshbuker @kevin-smartpatients