Steve Hall

Reputation: 469

ActiveSupport MessageVerifier InvalidSignature error handling not working as expected

All,

I have a view which, onload, executes some jQuery code to populate a select_tag box:

var request = $.get("getLocalSuites");

getLocalSuites routes to the following function in the controller:

  def getLocal
    myPass = sessionPass
    if (myPass != nil)
      puts "4"
      result = @@p4object.getLocalSuites(sessionUser,myPass)
      render :json => result
    end
  end

Where sessionPass and sessionUser functions are defined:

  def sessionUser()
    myConnectedUser = ConnectedUser.find_by username: cookies[:username]
    return myConnectedUser[:username]
  end

  def sessionPass()
    begin
      myConnectedUser = ConnectedUser.find_by username: cookies[:username]
      puts "1"
      verifier = ActiveSupport::MessageVerifier.new(cookies[:session])
      puts "2"
      mysession = verifier.verify(myConnectedUser[:password])
    rescue ActiveSupport::MessageVerifier::InvalidSignature
      puts "3"
      redirect_to sign_in_session_expired_url
    end
    puts mysession
    return mysession
  end

So in other words - my jQuery calls getLocal, which finds a username and password stored in the DB. It then verifies the returned encrypted password against a session cookie. If this verification fails, it should redirect back to the sign in page, rather than try to continue to render the current page.

The server log is correctly showing Redirected to http://localhost:3000/sign_in_session_expired ... but rather than seeing the sign in screen, the "original" view (with select_tag etc) is rendered - with the LocalSuites select_tag populated with some sort of HTML - each character as a new row: <!DOCTYPE html> <html etc etc

Can anyone explain what I am misunderstanding here - why my redirect appears to work (according to server log) - but doesn't actually happen?

Thanks!

Upvotes: 0

Views: 2731

Answers (1)

Uri Agassi

Reputation: 37419

The browser is not redirected automatically, since the redirect is received within an AJAX call, and not a regular browser GET, so the browser does not handle redirects.

See this question: How to manage a redirect request after a jQuery Ajax call

I had a similar problem to yours. I perform an ajax request that has 2 possible responses: one that redirects the browser to a new page and one that replaces an existing HTML form on the current page with a new one. The jQuery code to do this looks something like:

$.ajax({
    type: "POST",
    url: reqUrl,
    data: reqBody,
    dataType: "json",
    success: function(data, textStatus) {
        if (data.redirect) {
            // data.redirect contains the string URL to redirect to
            window.location.href = data.redirect;
        }
        else {
            // data.form contains the HTML for the replacement form
            $("#myform").replaceWith(data.form);
        }
    }
});

The JSON object "data" is constructed on the server to have 2 members: data.redirect and data.form. I found this approach to be much better.

Upvotes: 1
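
The server side of the contract the answer describes, as an added example that is not code from the question or the answer: a failed signature check yields a JSON body with a `redirect` member for AJAX callers and a plain 302 for everyone else. `DemoVerifier`, `InvalidSignature` and `local_suites_response` are hypothetical names, the verifier is a simplified stand-in for `ActiveSupport::MessageVerifier` so the code runs without Rails, and in a controller the `xhr` flag would come from `request.xhr?`.

```ruby
require "openssl"
require "base64"
require "json"

# Stand-in for ActiveSupport::MessageVerifier (assumption: simplified
# "base64(payload)--hex(HMAC-SHA256)" format) so the example runs without Rails.
class InvalidSignature < StandardError; end

class DemoVerifier
  def initialize(secret)
    @secret = secret
  end

  def generate(value)
    data = Base64.strict_encode64(value)
    "#{data}--#{mac(data)}"
  end

  def verify(signed)
    data, tag = signed.to_s.split("--", 2)
    raise InvalidSignature if data.nil? || tag.nil?
    # Compare MACs without leaking where they first differ.
    raise InvalidSignature unless OpenSSL.secure_compare(tag, mac(data))
    Base64.strict_decode64(data)
  end

  private
  def mac(data)
    OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA256"), @secret, data)
  end
end

# Hypothetical handler: returns [status, headers, body] rather than calling
# render/redirect_to. The block stands in for @@p4object.getLocalSuites.
def local_suites_response(verifier, signed_password, xhr:, sign_in_url: "/sign_in_session_expired")
  password = verifier.verify(signed_password)
  [200, { "Content-Type" => "application/json" }, JSON.generate(yield(password))]
rescue InvalidSignature
  if xhr
    # An XHR follows a 302 on its own and hands the script the sign-in HTML,
    # so send the target as JSON for the success handler (data.redirect).
    [200, { "Content-Type" => "application/json" }, JSON.generate({ "redirect" => sign_in_url })]
  else
    [302, { "Location" => sign_in_url }, ""]
  end
end
```

The suite lookup in the block never runs when verification fails, so a stale or tampered session value cannot reach the backend call.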
