Sharing - Troubles I had combining password and passwordless auth in the same model and how I overcame them

[LLCampos]

Hey :)

While trying to combine password and passwordless auth in the same model in my current setup I hit some roadblocks. Since there's not much out there about this library decided to share what the issues were and how I overcame them.

Setup

gem "rails", "7.0.3.1"

gem "devise", "~> 4.9.2"  
gem "devise-passwordless", "~> 1.0.1"

My user model enables the following strategies:

devise :database_authenticatable, :registerable, :confirmable,  
       :recoverable, :rememberable, :trackable, :validatable, :omniauthable,  
       :lockable,  
       omniauth_providers: [:google_oauth2, :linkedin]

My routes:

devise_for(  
  :users,  
  only: [:omniauth_callbacks, :confirmations, :passwords, :sessions, :unlocks],  
  controllers: {  
    omniauth_callbacks: 'omniauth_callbacks',  
    confirmations: 'confirmations',  
    passwords: 'passwords',  
    sessions: 'sessions',  
    unlocks: 'unlocks'  
  }  
)

Problem 1 - OmniAuth error

When I add the following to my routes file

namespace "passwordless" do  
  devise_for :users, controllers: { sessions: "devise/passwordless/sessions" }  
end

I get the following error:

Wrong OmniAuth configuration. If you are getting this exception, it means that either:

1) You are manually setting OmniAuth.config.path_prefix and it doesn't match the Devise one  
2) You are setting :omniauthable in more than one model  
3) You changed your Devise routes/OmniAuth setting and haven't restarted your server

My solution was to skip the :omniauth_callbacks route creation. (Why is devise-passwordless trying to create routes for it?)

namespace "passwordless" do  
  devise_for :users, skip: [:omniauth_callbacks], controllers: { sessions: "devise/passwordless/sessions" }  
end

Problem 2 - Default URL in mailer doesn't work

After this, I can create a view with a form that submits the request for a magic link to passwordless_user_session_path. But when I do that I get

undefined method `user_magic_link_url' for #<ActionDispatch::Routing::RoutesProxy:0x000000010cc68150>

The generated email template assumes that we are using a setup where only passwordless sign in is being used. Since we're namespacing the devise-passwordless routes we have to change the URL to passwordless_user_magic_link_url

Problem 3 -

Great, now I get an email with the magic link! But when I click it I get the following Routing error:

uninitialized constant Passwordless Did you mean? PasswordsController

No ideia why this is happening, but adding the following to the routes file:

devise_scope :user do  
  get 'passwordless/user/magic_link',  
      to: 'devise/magic_links#show',  
      as: 'passwordless_user_magic_link'  
end

(Based on this blogpost)

And changing the call to the passwordless devise_for to

namespace "passwordless" do  
  devise_for :users, skip: [:omniauth_callbacks, :magic_link], controllers: { sessions: "devise/passwordless/sessions" }  
end

solves it.

Success

Now everything works! :)

Problem 1 and Problem 3 are mysterious and would be nice that they didn't happen. Are they due to some bug(s)? Or (more probable) due to something wrong in my setup?

Regarding, Problem 2, maybe it would be useful to add some lines in the docs about it?

[abevoelker]

Sorry you encountered problems but thanks for taking the time to write all that up and share your experiences! No detectable hint of anger either... you must meditate! 😄

My solution was to skip the :omniauth_callbacks route creation. (Why is devise-passwordless trying to create routes for it?)

Not to point the finger, but are we sure the OmniAuth setup doesn't have quirks with multiple devise_for declarations for the same model? If you remove this gem and make the second devise_for look like this:

namespace "passwordless" do
  devise_for :users
end

does it raise the same OmniAuth error? I would be surprised if our gem was involved in the problem as we don't have any special routing logic beyond adding a helper method 🤔

The generated email template assumes that we are using a setup where only passwordless sign in is being used. Since we're namespacing the devise-passwordless routes we have to change the URL to passwordless_user_magic_link_url

Hmm, the URL helper should work in this scenario. If you look in our integration test suite, we use namespaced routes a lot with no problems: https://github.com/abevoelker/devise-passwordless/blob/6e3c26dff8924ee9050f3b4d6fa312ece39669e4/spec/dummy_app_config/shared_source/all/config/routes.rb

The routing workarounds in problems 2 and 3 definitely shouldn't be necessary, I'm not sure what exactly is going on with the routing but something is strange. Would you be comfortable sharing a stripped-down version of your app that I could take a look at more in-depth some time? We definitely want to get this working way more cleanly than what you've had to do!