rodauth-rails: Integrate with Rails `rescue_from` to support custom 5xx error pages

Hey Janko,

Do you have any advice on how to re-use the existing styled 5xx pages on the Rails’ side for exceptions which happen in Rodauth land? Is this something rodauth-rails could/should cover in its integration?

I wonder if the around_rodauth we discussed in https://github.com/janko/rodauth-rails/issues/2#issuecomment-700495426 might be necessary or even if that would simply work if process_actions is also responsible for Rails’ rescue_from behaviour (I haven’t checked).

About this issue

  • State: closed
  • Created 4 years ago
  • Comments: 18 (6 by maintainers)

Most upvoted comments

Hah is this in response to my Reddit comment? Looks great! I will be afk for a week and then spotty for a few more weeks, but I will try to integrate with app ASAP 😄

I’ve just released rodauth-rails 0.6.0 with these changes 🚀

The release also includes a new Rodauth::Rails.rodauth method, which initializes a Rodauth instance outside of a request context, with Rack env set based on ActionMailer::Base.default_url_options (which is typically configured via config.action_mailer.default_url_options in Rails) – https://github.com/janko/rodauth-rails/commit/806fb220abc2dbef41665d904c3e98742922ec6a. That’s a first step towards making it easier to programmatically call Rodauth operations.

Next Rodauth release will probably be on the 20th (5 days) or 23rd (8 days). Happy to do the former if that is preferred.

Everything is green on my end.

How do you want to approach a release, given it depends on unreleased work in Rodauth?

@jeremyevans do you have a timeline or milestone in mind for cutting a new Rodauth release?

Thank you very much for testing 👍

Ok, I checked the run_callbacks implementation in Active Support, and indeed it doesn’t use any ensure for executing after_action callbacks. I agree we’ll probably need to catch(:halt) manually, and then re-throw it later.

Regarding check_csrf?, it will be false, because we’re skipping loading Roda’s CSRF plugin, and Rodauth’s default #check_csrf? is false when the CSRF Roda plugin is not loaded. I thought about still overriding it just in case, but ultimately I didn’t see the need.

Hey Janko, I gave it a little spin this afternoon. Great work as always!

  • ✔️ before_action runs!

  • ✔️ rodauth action does NOT run if before_action creates a response

  • ✔️ rescue_from works as expected 🙏

  • ✔️ Caching controller makes sense. @ivars may be set by before_action etc. I actually already had to work around this in my integration of rodauth-rails to an existing app

  • after_action does NOT appear to run. I wonder if this is due to how Roda relies on halt/throw. Perhaps Rails’ own run_callbacks does not use ensure. Potentially, you could do a catch(:halt) { yield } (or whatever it is), but I’m not sure how this should work. In any case, I don’t personally have any after_action

  • ❌ Similarly around_action runs code before the action execution, but skips after.

    i.e.:

    around_action do |controller, action|
      # reached
      action.call
      # not reached
    ensure
      # reached
    end
    
  • I wonder if check_csrf should stay defined in feature, but return false. That would essentially skip Rodauth internal CSRF and rely on the before_action provided by the Rails controller.

I don’t use after_action often so I am actually not very sure how this should behave. But I suspect they should run in circumstances where they currently do not. That may also be considered “nice-to-have”.
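The skipped `after_action` reported above, and the catch-then-re-throw approach discussed in this thread, shown as an added illustration (not code from rodauth-rails, Rodauth or Active Support). `run_callbacks_without_ensure` and `rodauth_action` are simplified, hypothetical stand-ins, and the response triple is constructed sample data.

```ruby
# Hypothetical stand-in for a callback chain that, as reported in the thread,
# runs its "after" step without an `ensure`.
def run_callbacks_without_ensure(log)
  log << :before
  yield
  log << :after # never reached if the block unwinds via throw
end

# Hypothetical stand-in for a Rodauth route that ends the request the Roda way:
# by throwing :halt with a Rack response triple (constructed sample values).
def rodauth_action(log)
  log << :action
  throw :halt, [302, { "Location" => "/login" }, []]
end

# Naive integration: the throw unwinds straight through the callback chain,
# so the after step is skipped.
def naive(log)
  catch(:halt) do # plays the role of Roda's outer catch
    run_callbacks_without_ensure(log) { rodauth_action(log) }
    nil
  end
end

# Approach discussed in the thread: catch :halt inside the callback chain,
# let the after step run, then re-throw so the outer catch still gets the response.
def catch_and_rethrow(log)
  catch(:halt) do # plays the role of Roda's outer catch
    halted = nil
    run_callbacks_without_ensure(log) do
      halted = catch(:halt) do
        rodauth_action(log)
        nil # only reached when the action did not halt
      end
    end
    throw :halt, halted if halted
    nil
  end
end

if __FILE__ == $PROGRAM_NAME
  [:naive, :catch_and_rethrow].each do |name|
    log = []
    response = send(name, log)
    puts "#{name}: callbacks=#{log.inspect} status=#{response[0]}"
  end
end
```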

Yes, I agree it would make sense for rodauth-rails to call rescue_from handlers defined in the associated Rodauth controller. It doesn’t seem these handlers are run as part of action callbacks, but I believe it can be achieved easily by calling #rescue_with_handler on the controller instance. I’ll work on this tomorrow.