From 3d523b84fc4bc793da76f82b2c1abd7d6f4a6d24 Mon Sep 17 00:00:00 2001 From: Mike Dalessio Date: Thu, 11 Dec 2025 12:52:59 -0500 Subject: [PATCH 1/2] Explicitly use main_app for URL helpers in controller concerns that are mixed into other engines' controllers. This prevents errors like: > NoMethodError: undefined method 'session_menu_url' for an instance of ActiveStorage::DirectUploadsController See also 912bb8a8 and 5ee10800 --- app/controllers/concerns/authentication.rb | 8 ++++---- app/helpers/login_helper.rb | 2 -- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/app/controllers/concerns/authentication.rb b/app/controllers/concerns/authentication.rb index 30f54820b..1b057a19d 100644 --- a/app/controllers/concerns/authentication.rb +++ b/app/controllers/concerns/authentication.rb @@ -37,7 +37,7 @@ module Authentication def require_account unless Current.account.present? - redirect_to session_menu_url(script_name: nil) + redirect_to main_app.session_menu_url(script_name: nil) end end @@ -78,11 +78,11 @@ module Authentication end def redirect_authenticated_user - redirect_to root_url if authenticated? + redirect_to main_app.root_url if authenticated? end def redirect_tenanted_request - redirect_to root_url if Current.account.present? + redirect_to main_app.root_url if Current.account.present? end def start_new_session_for(identity) @@ -110,7 +110,7 @@ module Authentication def redirect_to_session_magic_link(magic_link, return_to: nil) serve_development_magic_link(magic_link) session[:return_to_after_authenticating] = return_to if return_to - redirect_to session_magic_link_url(script_name: nil) + redirect_to main_app.session_magic_link_url(script_name: nil) end def serve_development_magic_link(magic_link) diff --git a/app/helpers/login_helper.rb b/app/helpers/login_helper.rb index f5e89c8d1..6004282a6 100644 --- a/app/helpers/login_helper.rb +++ b/app/helpers/login_helper.rb @@ -1,7 +1,5 @@ module LoginHelper def login_url - # Use main_app because this helper may be invoked from an engine controller - # that inherits from AdminController. main_app.new_session_path(script_name: nil) end From 679a073c6bd54b88620ded20d472efcf467a888f Mon Sep 17 00:00:00 2001 From: Mike Dalessio Date: Thu, 11 Dec 2025 13:02:54 -0500 Subject: [PATCH 2/2] Add test coverage for the require_unauthenticated_access redirect --- test/controllers/sessions_controller_test.rb | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/test/controllers/sessions_controller_test.rb b/test/controllers/sessions_controller_test.rb index f1d6b65c9..74b336a4f 100644 --- a/test/controllers/sessions_controller_test.rb +++ b/test/controllers/sessions_controller_test.rb @@ -9,6 +9,15 @@ class SessionsControllerTest < ActionDispatch::IntegrationTest assert_response :success end + test "new redirects authenticated users" do + sign_in_as :kevin + + untenanted do + get new_session_path + assert_redirected_to root_url + end + end + test "create" do identity = identities(:kevin)