remember_me module raises 'undefined method' error if no SSL. #273
Open
Description
Configuration
- Sorcery Version: 0.16.0
- Ruby Version: ruby-2.6.6
- Framework: Rails 6.0.3.5
- Platform: MacOS
Expected Behavior
I just turned enabled remember_me. I don't expect it to work on localhost without SSL but it shouldn't blow up.
Actual Behavior
With the remember_me module enabled, if you check to see if the user is logged_in?, this code in the remember_me module raises an error undefined method 'signed' for nil:NilClass because signed cookies are not available unless you are using SSL.
# remember_me.rb
def login_from_cookie
user = cookies.signed[:remember_me_token] && … if defined? cookies
(…)
end
Steps to Reproduce
# sorcery.rb
Rails.application.config.sorcery.submodules = [:reset_password, :session_timeout, :remember_me]
# my code in a controller action
def show
puts 'hello' if logged_in?
end
This workaround fixes it for me:
# application_controller.rb
def login_from_cookie
super if request.ssl?
end
It's an easy fix and I can submit a PR with a test if it's useful.
The check for cookies needs to check whether cookies is nil.
# remember_me.rb line 62
user = cookies.signed[:remember_me_token] (…) if defined?(cookies) && cookies