From dd297ba59f323aba7acca2896bb2045f9f60b28b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Juan=20V=C3=A1squez?=
Date: Thu, 5 Mar 2026 18:21:17 -0600
Subject: [PATCH 1/2] Fix CI because Brakeman mismatch
---
 Gemfile.lock | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Gemfile.lock b/Gemfile.lock
index 98d163e..c040098 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -101,7 +101,7 @@ GEM
 bootstrap-sass (3.4.1)
 autoprefixer-rails (>= 5.2.1)
 sassc (>= 2.0.0)
- brakeman (8.0.2)
+ brakeman (8.0.4)
 racc
 builder (3.3.0)
 capybara (3.40.0)
From c008034795a3d4e477889a00bcc54425fae45e03 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Juan=20V=C3=A1squez?=
Date: Thu, 5 Mar 2026 17:41:08 -0600
Subject: [PATCH 2/2] Fix double render in ApplicationController auth callbacks
Both check_user_token and check_session_expiry rendered the login view without returning, causing the action to continue executing and Rails to raise AbstractController::DoubleRenderError on every unauthenticated or expired-session request.
Co-Authored-By: Claude Sonnet 4.6
---
 app/controllers/application_controller.rb | 10 ++++------
 test/controllers/puzzles_controller_test.rb | 6 ++++++
 2 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 7410138..2031bdf 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -7,17 +7,15 @@ class ApplicationController < ActionController::Base
 private
 def check_user_token
- unless session[:user_token]
- render "puzzles/login"
- end
+ render "puzzles/login" and return unless session[:user_token]
 end
 def check_session_expiry
 if session[:expires_at].present? && Time.current > session[:expires_at]
 reset_session
- render "puzzles/login"
- else
- session[:expires_at] = 1.hour.from_now
+ render "puzzles/login" and return
 end
+
+ session[:expires_at] = 1.hour.from_now
 end
 end
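Review bot: The `and return` added in check_user_token and check_session_expiry does not change which statements run: in the removed code `render "puzzles/login"` was already the last statement on its path, and `return` leaves only the callback method itself. If these methods are registered with `before_action` (the registration is above the hunk and not visible), Rails already skips the action once a callback has rendered, so a DoubleRenderError would have to come from a second render elsewhere; if they are instead called directly from an action, the caller still needs `return if performed?`. Separately, `session[:expires_at] = 1.hour.from_now` runs on every non-expired request, with or without `user_token`, which makes this an idle timeout with no absolute session lifetime; a comment such as `# Sliding idle timeout: each request extends the session by one hour` would make that explicit.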
diff --git a/test/controllers/puzzles_controller_test.rb b/test/controllers/puzzles_controller_test.rb
index 6f64d3a..32d0618 100644
--- a/test/controllers/puzzles_controller_test.rb
+++ b/test/controllers/puzzles_controller_test.rb
@@ -7,6 +7,12 @@ class PuzzlesControllerTest < ActionDispatch::IntegrationTest
 assert_response :success
 end
+ test "unauthenticated request renders login page" do
+ get puzzles_path
+ assert_response :success
+ assert_match "login", response.body.downcase
+ end
+
 test "should show error message when editing puzzle with invalid data" do
 puzzle = puzzles(:one)
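Review bot: The added test cannot tell the login view from a protected page: `assert_response :success` is the same status the preceding test asserts, and `assert_match "login", response.body.downcase` passes on any body that merely contains that word. If the controller rendered the login view with `status: :unauthorized`, the test could use `assert_response :unauthorized` and would fail whenever protected content is served; short of that, it should assert on an element only the login view has and on the absence of puzzle fixture data. The expired-session branch of check_session_expiry (`reset_session`, then render) is not exercised in this hunk; a test that signs in, calls `travel 2.hours`, and repeats the request would cover it. PuzzlesControllerTest begins outside the hunk, so any existing sign-in helper is not visible here.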