Project

General

Profile

Feature #10480

Updated by nobu (Nobuyoshi Nakada) about 10 years ago

Currently there's a bug in Devise/Rails when streaming is enabled through ActionController::Live module. 

 This module works by spawning a new thread to process the action. Devise uses a Rack middleware from Warden which works by a catch(:warden){} block. The problem is that when you ask Devise to authenticate in a before_action filter it will throw :warden when the authentication fails. Basically this is what happens: 

 ~~~ruby ~~~ 
 catch(:warden) do 
   thread = Thread.new { 
     begin 
       #... 
       throw :warden 
       #... 
     rescue => e 
       error = e 
     end 
   } 
   thread.join 
   raise error if error 
 end 
 ~~~ 

 This is just to illustrate. You can see the real code here: 
 https://github.com/rails/rails/blob/master/actionpack/lib/action_controller/metal/live.rb#L261 

 https://github.com/hassox/warden/blob/74162f2bf896b377472b6621ed1f6b40046525f4/lib/warden/manager.rb#L34 

 And the issues here: 

 https://github.com/plataformatec/devise/issues/2332 
 https://github.com/rails/rails/issues/13873 

 So, what happens is that throw is being called in a separate thread, outside the scope of the catch. Since it's not caught it raises an ArgumentError: "uncaught throw :warden". 

 There's currently no way to get the thrown symbol and the throw value from a generic handler as far as I know. Would it be possible to allow some kind of catch-all construction or at least to extract the throw params from the ArgumentError error? Or maybe use some new exception like UncaughtThrowException from which we would have access to the arguments?

Back