Fix Refresh token AbstractController::DoubleRenderError #29

xkraty · 2023-08-21T15:38:10Z

In app/controllers/api/devise/tokens_controller.rb#refresh was causing AbstractController::DoubleRenderError when access_token is revoked due to a missing return.

        if current_devise_api_refresh_token.revoked?
          error_response = Devise::Api::Responses::ErrorResponse.new(request, error: :revoked_token,
                                                                              resource_class: resource_class)

          return render json: error_response.body, status: error_response.status
        end

In spec/requests/token_spec.rb some refresh_token tests was passing access_token in headers

      before do
        post refresh_user_tokens_path, headers: authentication_headers_for(user, devise_api_token, :refresh_token), as: :json
      end

…rs_for

samuelboland · 2023-10-23T17:50:04Z

I was about to submit a PR to fix this same issue, but found this one already open. It'd be great if this could be merged.

xkraty added 2 commits August 21, 2023 16:08

added return to avoid DoubleRenderError in case of revoked token

a5df264

fix refresh token tests to send refresh_token in authentication_heade…

adac9a0

…rs_for

nejdetkadir approved these changes Oct 23, 2023

View reviewed changes

nejdetkadir merged commit 7995136 into nejdetkadir:main Oct 23, 2023

xkraty deleted the avoid-double-render-error branch October 23, 2023 19:54

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix Refresh token AbstractController::DoubleRenderError #29

Fix Refresh token AbstractController::DoubleRenderError #29

xkraty commented Aug 21, 2023

samuelboland commented Oct 23, 2023

Fix Refresh token AbstractController::DoubleRenderError #29

Fix Refresh token AbstractController::DoubleRenderError #29

Conversation

xkraty commented Aug 21, 2023

samuelboland commented Oct 23, 2023