Incompatibility with devise authenticate routes

[swrobel]

When using the appmap along with devise authenticated routes such as this snippet from routes.rb:

authenticate :admin_user do
  mount Motor::Admin => "/admin"
  mount Sidekiq::Web => "/sidekiq"
end

Attempting to visit an authenticated route yields this exception, regardless of whether the user is authenticated or not. Removing the appmap gem fixes the issue.

Puma caught this error: undefined method `authenticate!' for nil (NoMethodError)
gems/devise-4.9.4/lib/devise/rails/routes.rb:479:in `block in constraints_for'
gems/actionpack-7.1.3.2/lib/action_dispatch/routing/mapper.rb:44:in `block in matches?'
gems/actionpack-7.1.3.2/lib/action_dispatch/routing/mapper.rb:42:in `all?'
gems/actionpack-7.1.3.2/lib/action_dispatch/routing/mapper.rb:42:in `matches?'
gems/appmap-1.0.0/lib/appmap/handler/rails/request_handler.rb:65:in `block in normalized_path'
gems/actionpack-7.1.3.2/lib/action_dispatch/journey/router.rb:75:in `block in recognize'
gems/actionpack-7.1.3.2/lib/action_dispatch/journey/router.rb:131:in `block in find_routes'
gems/actionpack-7.1.3.2/lib/action_dispatch/journey/router.rb:124:in `each'
gems/actionpack-7.1.3.2/lib/action_dispatch/journey/router.rb:124:in `find_routes'
gems/actionpack-7.1.3.2/lib/action_dispatch/journey/router.rb:67:in `recognize'
gems/appmap-1.0.0/lib/appmap/handler/rails/request_handler.rb:63:in `normalized_path'
gems/appmap-1.0.0/lib/appmap/handler/rails/request_handler.rb:20:in `initialize'
gems/appmap-1.0.0/lib/appmap/handler/rails/request_handler.rb:159:in `new'
gems/appmap-1.0.0/lib/appmap/handler/rails/request_handler.rb:159:in `before_hook'
gems/appmap-1.0.0/lib/appmap/hook/method/ruby3.rb:16:in `block in call'
gems/appmap-1.0.0/lib/appmap/hook/method.rb:125:in `with_disabled_hook'
gems/appmap-1.0.0/lib/appmap/hook/method/ruby3.rb:16:in `call'
gems/appmap-1.0.0/lib/appmap/hook/method/ruby3.rb:70:in `block in hook_method_def'
gems/appmap-1.0.0/lib/appmap/middleware/remote_recording.rb:130:in `call'
gems/actionpack-7.1.3.2/lib/action_dispatch/middleware/static.rb:25:in `call'
gems/rack-2.2.9/lib/rack/sendfile.rb:110:in `call'
gems/actionpack-7.1.3.2/lib/action_dispatch/middleware/host_authorization.rb:141:in `call'
gems/rack-cors-2.0.2/lib/rack/cors.rb:102:in `call'
gems/railties-7.1.3.2/lib/rails/engine.rb:536:in `call'
gems/puma-6.4.2/lib/puma/configuration.rb:272:in `call'
gems/puma-6.4.2/lib/puma/request.rb:100:in `block in handle_request'
gems/puma-6.4.2/lib/puma/thread_pool.rb:378:in `with_force_shutdown'
gems/puma-6.4.2/lib/puma/request.rb:99:in `handle_request'
gems/puma-6.4.2/lib/puma/server.rb:464:in `process_client'
gems/puma-6.4.2/lib/puma/server.rb:245:in `block in run'
gems/puma-6.4.2/lib/puma/thread_pool.rb:155:in `block in spawn_thread'

[kgilpin]

Hi, thanks for reporting this. Users have worked with devise in the past, we have also done some devise integration.

It looks like request.env['warden']. is undefined.

Can you print the rake middleware with and without appmap? Maybe it should go into a different slot.

[swrobel]

Can you print the rake middleware with and without appmap? Maybe it should go into a different slot.

Here's a diff:

 use Rack::Cors
 use ActionDispatch::HostAuthorization
 use Rack::Sendfile
 use ActionDispatch::Static
+use AppMap::Middleware::RemoteRecording
 use ActionDispatch::Executor
 use ActionDispatch::ServerTiming
 use ActiveSupport::Cache::Strategy::LocalCache::Middleware
 use Rack::Runtime
 use Rack::MethodOverride
 use ActionDispatch::RequestId
 use RequestStore::Middleware
 use ActionDispatch::RemoteIp
 use Rails::Rack::Logger
 use ActionDispatch::ShowExceptions
 use WebConsole::Middleware
 use ActionDispatch::DebugExceptions
 use Bugsnag::Rack
 use ActionDispatch::ActionableExceptions
 use ActionDispatch::Reloader
 use ActionDispatch::Callbacks
 use ActiveRecord::Migration::CheckPending
 use ActionDispatch::Cookies
 use ActionDispatch::Session::CookieStore
 use ActionDispatch::Flash
 use ActionDispatch::ContentSecurityPolicy::Middleware
 use ActionDispatch::PermissionsPolicy::Middleware
 use Rack::Head
 use Rack::ConditionalGet
 use Rack::ETag
 use Rack::TempfileReaper
 use Warden::Manager
 use Bullet::Rack
 run MyApp::Application.routes

[kgilpin]

Well, I'm learning how devise works from this :-) By applying this constraint, Rails actually, essentially hides the route if the user is not authenticated. I am not sure that this is how Rails authors intended for routing constraints to be used but, here we are :-).

AppMap is using the router here because it's detecting the normalized path in a way that understands Rails engines. It looks to me like it's safe to ignore exceptions that occur while testing the routes for this purpose.

Here's a branch that ignores this error, can you check if it resolves this issue? #359

[swrobel]

Here's a branch that ignores this error, can you check if it resolves this issue?

It does, thanks!

[kgilpin]

@dividedmind do you think we need to do something smarter here, or is this sufficient?

[dividedmind]

@kgilpin I'm not sure, won't this leave the normalized route unresolved? I'm also a bit concerned that it swallows the exception silently and unconditionally. It'll mask any other issues that might arise there.

[kgilpin]

So, in this case because the user is not authenticated, Rails will actually report this as a 404 so essentially the route does not exist. I think it’s weird that devise works this way but I’m not sure what else to do about it. I suppose we could warn

[dividedmind]

So, in this case because the user is not authenticated, Rails will actually report this as a 404 so essentially the route does not exist. I think it’s weird that devise works this way but I’m not sure what else to do about it. I suppose we could warn

My concern is whether it won't still fail to resolve a normalized route even when the user is authenticated.

[kgilpin]

I see. So maybe we should build the authenticated route at the end of the request instead of at the beginning.

[swrobel]

FYI, there's some sort of actions trigger related to opening an issue that's failing

[dividedmind]

I see. So maybe we should build the authenticated route at the end of the request instead of at the beginning.

That's a good idea. I'll open an issue.

In the meantime, I think we should go ahead with your quick fix, showing a warning and with a TODO comment in the code, so we remember to remove it when we implement the proper solution.

[dividedmind]

FYI, there's some sort of actions trigger related to opening an issue that's failing

Thanks! @kgilpin I believe the token is expired; I don't have access to rotate it.

[kgilpin]

I've dropped that workflow and updated the PR. Take a look...

[kgilpin]

🎉 This issue has been resolved in version 1.0.1 🎉

The release is available on:

• v1.0.1
• GitHub release

Your semantic-release bot 📦🚀