-
Notifications
You must be signed in to change notification settings - Fork 45
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Incorrect error message when entering valid token after entering invalid token #94
Comments
Could you try to track this down and submit a PR? |
I will try to find some time to do so! |
OK, I tracked this down to
The issue may be that the messages are being set using See https://api.rubyonrails.org/classes/ActionDispatch/Flash/FlashHash.html#method-i-now, https://stackoverflow.com/questions/18748072/rails-4-flash-message-persists-for-the-next-page-view, and https://medium.com/@tdonovan79/flash-in-rails-apps-df5ef389139f for additional info. I'm not sure if there needs to be differentiation between some flash messages persisting through redirects and others only for the current page. So I haven't created a PR yet as there is probably some nuance there that may be affected by creating all messages with |
Can confirm that this does impact other places by altering the above call to |
Hi @pkarjala, thank you for bringing this to our attention. And yes, you are correct that some flash messages need to called with "flash.new." @strzibny, a further complication here is that the OtpCredentialsController#update action redirects for blank tokens (which works fine, since the redirect itself counts as the next action), but renders "show" for invalid tokens (which displays the flash on the next controller action, i.e. after logging in). The devise gem itself handles this in the equivalent "set_flash_message" by toggling whether to display the message immediately (i.e. flash.now) or on the next action (i.e. just flash) via an additional "now" option, so this is probably a good design pattern for us too (see below).
I will push up a PR with a fix for the immediate issue (i.e. the "invalid_token" message), a modification to the otp_set_flash_message method, and the underlying consistency between the way we handle blank and invalid tokens. |
Thanks for the investigation, I agree |
FYI, I found a couple of additional occurrences of the flash message issue. See PR #96 for resolution. |
Okay, I think we can close this and I'll likely release 1.0 soon. |
devise 4.9.4
devise-otp 0.7.1
Steps to reproduce:
The token you provided was invalid.
and be redirected back to token entry page.The token you provided was invalid.
This occurs each time after entering an invalid token, then subsequently entering a valid token. Once you have logged into the application, the error message displays. Navigating to another page in the application without logging out causes the error message to disappear, so it is only happening after the initial failed and subsequent successful token login.
The text was updated successfully, but these errors were encountered: