Feature #10480
Updated by nobu (Nobuyoshi Nakada) over 9 years ago
Currently there's a bug in Devise/Rails when streaming is enabled through ActionController::Live module.
This module works by spawning a new thread to process the action. Devise uses a Rack middleware from Warden which works by a catch(:warden){} block. The problem is that when you ask Devise to authenticate in a before_action filter it will throw :warden when the authentication fails. Basically this is what happens:
~~~ruby ~~~
catch(:warden) do
thread = Thread.new {
begin
#...
throw :warden
#...
rescue => e
error = e
end
}
thread.join
raise error if error
end
~~~
This is just to illustrate. You can see the real code here:
https://github.com/rails/rails/blob/master/actionpack/lib/action_controller/metal/live.rb#L261
https://github.com/hassox/warden/blob/74162f2bf896b377472b6621ed1f6b40046525f4/lib/warden/manager.rb#L34
And the issues here:
https://github.com/plataformatec/devise/issues/2332
https://github.com/rails/rails/issues/13873
So, what happens is that throw is being called in a separate thread, outside the scope of the catch. Since it's not caught it raises an ArgumentError: "uncaught throw :warden".
There's currently no way to get the thrown symbol and the throw value from a generic handler as far as I know. Would it be possible to allow some kind of catch-all construction or at least to extract the throw params from the ArgumentError error? Or maybe use some new exception like UncaughtThrowException from which we would have access to the arguments?