RubyGems - standard_id - Versions diffs - 0.26.3 → 0.26.4 - Mend

standard_id 0.26.3 → 0.26.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a44aeb31a30319f06f305078bc0d9f0f5c20eff095680f3414085a7fb031c39c
-  data.tar.gz: 05bb225c7724ece28d0702345fe8f0560bef3e69d972a4b5f82ee3f97a304048
+  metadata.gz: 80484283cdfb54ecc2ead53d1498b5cd9ee88813e755b972db2e2d15561362f7
+  data.tar.gz: 9f9aaea4b18b29a61c3d3e70d7be8f1c2016455b3866181b9bea0cd272617405
 SHA512:
-  metadata.gz: 4d796392613832ea4987009991eb1c191936a492cfe60e69964ee28416c9e6c5715263499bf12045563bf9d861996f07fc6eca0def955e776dbf25cbb4f2b833
-  data.tar.gz: e12e0634851c73da51edff7433392bf44ce721fbc078dc993cee9f6035bec336ca60b38c2d0897e9a0478075d32ff9984c0ecfb1063882a9cfcf814501a2e75b
+  metadata.gz: 203398f53eacaf60b272dbaf84794c71d2a975fbd1f49669d37dc3375de6fa7d24f00b36f352a9bb09909e82e1947f4513082b397b61a664e22f0180aa34f665
+  data.tar.gz: 737d854a5784cf508954f343482e0476e2f5ad7a40322a26d7e0360c6910af6333a954bab7e9f490fb66ffc77ee15946dff62e2afd4a5d67387c9aca60e04cf4

data/app/controllers/concerns/standard_id/lifecycle_hooks.rb CHANGED Viewed

@@ -197,7 +197,9 @@ module StandardId
       # When raised without arguments, StandardError#message returns the class name
       message = "Sign-in was denied" if message.blank? || message == error.class.name
       login_path = begin
-        StandardId::WebEngine.routes.url_helpers.login_path
+        # Engine `_path` helpers are mount-relative and redirect_to won't prepend
+        # the mount's SCRIPT_NAME (no-op at root), so a non-root mount would 404.
+        "#{request.script_name}#{StandardId::WebEngine.routes.url_helpers.login_path}"
       rescue NameError, NoMethodError, ActionController::UrlGenerationError
         StandardId.config.login_url || "/"
       end

data/app/controllers/standard_id/web/account_controller.rb CHANGED Viewed

@@ -16,7 +16,7 @@ module StandardId
         @account = current_account
         if @account.update(account_params)
-          redirect_to account_path, notice: "Account updated successfully"
+          redirect_to engine_path(account_path), notice: "Account updated successfully"
         else
           flash.now[:alert] = @account.errors.full_messages.join(", ")
           render :edit, status: :unprocessable_content

data/app/controllers/standard_id/web/base_controller.rb CHANGED Viewed

@@ -36,6 +36,21 @@ module StandardId
         redirect_to_login
       end
+      # Prefix an engine-relative path with the current mount point's SCRIPT_NAME.
+      #
+      # Isolated-engine `_path` helpers return paths relative to the engine mount
+      # (e.g. "/login_verify"), and `redirect_to` / `redirect_with_inertia` —
+      # unlike view URL generation (form_with / link_to / url_for) — do NOT
+      # prepend the mount's SCRIPT_NAME. So a bare `redirect_to login_verify_path`
+      # 404s when the engine is mounted at a non-root path (e.g. "/auth" yields
+      # "/login_verify" instead of "/auth/login_verify"). SCRIPT_NAME is "" for a
+      # root mount, so this is a no-op there. Apply ONLY to engine-relative paths
+      # — host destinations (after_authentication_url, safe_post_signin_default)
+      # are already absolute and must not be prefixed.
+      def engine_path(path)
+        "#{request.script_name}#{path}"
+      end
       # Read a top-level query/form param expected to be a scalar String, returning
       # nil for absent/blank values OR if Rails parsed it as an Array/Hash (e.g. from
       # `?redirect_uri[]=a&redirect_uri[]=b`). Without this guard, `redirect_to` is

data/app/controllers/standard_id/web/login_controller.rb CHANGED Viewed

@@ -108,7 +108,7 @@ module StandardId
         redirect_uri = string_param(:redirect_uri)
         session[:return_to_after_authenticating] = redirect_uri if redirect_uri
-        redirect_to login_verify_path, status: :see_other
+        redirect_to engine_path(login_verify_path), status: :see_other
       end
       def redirect_if_authenticated

data/app/controllers/standard_id/web/login_verify_controller.rb CHANGED Viewed

@@ -94,7 +94,7 @@ module StandardId
         signed_payload = session[:standard_id_otp_payload]
         if signed_payload.blank?
-          redirect_to login_path, alert: "Please start the login process"
+          redirect_to engine_path(login_path), alert: "Please start the login process"
           return
         end
@@ -102,7 +102,7 @@ module StandardId
           @otp_data = Rails.application.message_verifier(:otp).verify(signed_payload).symbolize_keys
         rescue ActiveSupport::MessageVerifier::InvalidSignature
           session.delete(:standard_id_otp_payload)
-          redirect_to login_path, alert: "Your verification session has expired. Please try again."
+          redirect_to engine_path(login_path), alert: "Your verification session has expired. Please try again."
         end
       end

data/app/controllers/standard_id/web/reset_password/confirm_controller.rb CHANGED Viewed

@@ -20,7 +20,7 @@ module StandardId
           if form.submit
             flash[:notice] = "Your password has been successfully reset. Please sign in with your new password."
-            redirect_to login_path, status: :see_other
+            redirect_to engine_path(login_path), status: :see_other
           else
             flash.now[:alert] = form.errors.full_messages.to_sentence
             render :show, status: :unprocessable_content
@@ -41,7 +41,7 @@ module StandardId
           return if @password_credential.present?
           flash[:alert] = "Invalid or expired password reset link"
-          redirect_to login_path, status: :see_other
+          redirect_to engine_path(login_path), status: :see_other
         end
       end
     end

data/app/controllers/standard_id/web/reset_password/start_controller.rb CHANGED Viewed

@@ -21,7 +21,7 @@ module StandardId
           if form.submit
             flash[:notice] = "If an account with that email exists, we've sent password reset instructions."
-            redirect_to login_path, status: :see_other
+            redirect_to engine_path(login_path), status: :see_other
           else
             flash.now[:alert] = form.errors[:email].first || "Please enter your email address"
             render :show, status: :unprocessable_content

data/app/controllers/standard_id/web/sessions_controller.rb CHANGED Viewed

@@ -19,10 +19,10 @@ module StandardId
         else
           # Revoke other session
           session.revoke!
-          redirect_to sessions_path, notice: "Session revoked successfully"
+          redirect_to engine_path(sessions_path), notice: "Session revoked successfully"
         end
       rescue ActiveRecord::RecordNotFound
-        redirect_to sessions_path, alert: "Session not found"
+        redirect_to engine_path(sessions_path), alert: "Session not found"
       end
     end
   end

data/lib/standard_id/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module StandardId
-  VERSION = "0.26.3"
+  VERSION = "0.26.4"
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: standard_id
 version: !ruby/object:Gem::Version
-  version: 0.26.3
+  version: 0.26.4
 platform: ruby
 authors:
 - Jaryl Sim