Override current_user by checking if a user is already authenticated to avoid triggering authentication if it is not the case https://github.com/heartcombo/devise/issues/5602\#issuecomment-1876164084

2024-12-19 12:02:28 +01:00 · 2024-12-19 12:02:28 +01:00 · cfb7dcbb51
commit cfb7dcbb51
parent ef4e680d53
2 changed files with 10 additions and 1 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -98,6 +98,14 @@ class ApplicationController < ActionController::Base
    current_expert.present?
  end

+  # calling current_user in a before_action will trigger the warden authentication (devise behavior)
+  # which is not what we want in a before_action of a sign_in action (current_user should be nil before explicit sign_in)
+  # so we need to override current_user to avoid this
+  # https://github.com/heartcombo/devise/issues/5602#issuecomment-1876164084
+  def current_user
+    super if warden.authenticated?(scope: :user)
+  end
+
  def current_account
    {
      gestionnaire: current_gestionnaire,
--- a/spec/controllers/users/sessions_controller_spec.rb
+++ b/spec/controllers/users/sessions_controller_spec.rb
@ -99,11 +99,12 @@ describe Users::SessionsController, type: :controller do

    context 'when email domain is in mandatory list' do
      let(:email) { 'user@beta.gouv.fr' }
-      it 'redirects to agent connect with force parameter' do
+      it 'redirects to agent connect with force parameter and is not logged in' do
        expect(AgentConnectService).to receive(:enabled?).and_return(true)
        subject
        expect(response).to redirect_to(agent_connect_path(force_agent_connect: true))
        expect(flash[:alert]).to eq("La connexion des agents passe à présent systématiquement par AgentConnect")
+        expect(controller.current_user).to be_nil
      end
    end
  end