fix(devise): default config for devise and turbo stream as navigational format

Gemfile.lock

@@ -196,7 +196,7 @@ GEM
       sinatra (>= 1.4.4)
     descendants_tracker (0.0.4)
       thread_safe (~> 0.3, >= 0.3.1)
-    devise (4.9.0)
+    devise (4.9.2)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 4.1.0)
@@ -437,7 +437,7 @@ GEM
       rake
     mini_magick (4.11.0)
     mini_mime (1.1.2)
-    mini_portile2 (2.8.1)
+    mini_portile2 (2.8.2)
     minitest (5.18.0)
     msgpack (1.4.2)
     multi_json (1.15.0)
@@ -812,7 +812,7 @@ GEM
       nokogiri (~> 1.11)
     xpath (3.2.0)
       nokogiri (~> 1.8)
-    zeitwerk (2.6.7)
+    zeitwerk (2.6.8)
     zip_tricks (5.6.0)
     zipline (1.4.1)
       actionpack (>= 6.0, < 8.0)

config/initializers/devise.rb

@@ -227,7 +227,7 @@ Devise.setup do |config|
   # should add them to the navigational formats lists.
   #
   # The "*/*" below is required to match Internet Explorer requests.
-  config.navigational_formats = ['*/*', :html]
+  # config.navigational_formats = ['*/*', :html, :turbo_stream]
 
   # The default HTTP method used to sign out a resource. Default is :delete.
   config.sign_out_via = :delete
@@ -253,4 +253,12 @@ Devise.setup do |config|
   # When using omniauth, Devise cannot automatically set Omniauth path,
   # so you need to do it manually. For the users scope, it would be:
   # config.omniauth_path_prefix = '/my_engine/users/auth'
+
+  # When using Devise with Hotwire/Turbo, the http status for error responses
+  # and some redirects must match the following. The default in Devise for existing
+  # apps is `200 OK` and `302 Found respectively`, but new apps are generated with
+  # these new defaults that match Hotwire/Turbo behavior.
+  # Note: These might become the new default in future versions of Devise.
+  config.responder.error_status = :unprocessable_entity
+  config.responder.redirect_status = :see_other
 end

spec/controllers/attachments_controller_spec.rb

@@ -38,7 +38,7 @@ describe AttachmentsController, type: :controller do
     end
 
     context 'when not authenticated' do
-      it { is_expected.to have_http_status(401) }
+      it { is_expected.to redirect_to(new_user_session_path) }
     end
   end
 
@@ -79,7 +79,7 @@ describe AttachmentsController, type: :controller do
     end
 
     context 'when not authenticated' do
-      it { is_expected.to have_http_status(401) }
+      it { is_expected.to redirect_to(new_user_session_path) }
 
       it 'doesn’t remove the attachment' do
         subject

spec/controllers/champs/rna_controller_spec.rb

@@ -147,7 +147,7 @@ describe Champs::RNAController, type: :controller do
     context 'when user is not signed in' do
       subject! { get :show, params: { champ_id: champ.id }, format: :turbo_stream }
 
-      it { expect(response.code).to eq('401') }
+      it { expect(response.code).to redirect_to(new_user_session_path) }
     end
   end
 end

spec/controllers/champs/siret_controller_spec.rb

@@ -152,7 +152,7 @@ describe Champs::SiretController, type: :controller do
     context 'when user is not signed in' do
       subject! { get :show, params: { champ_id: champ.id }, format: :turbo_stream }
 
-      it { expect(response.code).to eq('401') }
+      it { expect(response).to redirect_to(new_user_session_path) }
     end
   end
 end