Fix authenticated engine routes (#4081)

Fix infinite loop in authenticated engine routes in Rails 5

https://github.com/plataformatec/devise/issues/3705

gemfiles/Gemfile.rails-5.0

@@ -3,7 +3,7 @@ source "https://rubygems.org"
 gemspec path: ".."
 
 gem "rails", "5.0.0.rc1"
-gem "omniauth", " ~> 1.3"
+gem "omniauth", "~> 1.3"
 gem "oauth2"
 gem "omniauth-oauth2"
 gem "rdoc"

gemfiles/Gemfile.rails-5.0-beta.lock

@@ -1,199 +0,0 @@
-GIT
-  remote: git://github.com/rails/activemodel-serializers-xml.git
-  revision: f380ea5ddefcb9a37f4fbc47606ed6fbecdb2b2a
-  specs:
-    activemodel-serializers-xml (1.0.0)
-      activemodel (> 5.x)
-      activerecord (> 5.x)
-      activesupport (> 5.x)
-      builder (~> 3.1)
-
-PATH
-  remote: ..
-  specs:
-    devise (4.0.0.rc2)
-      bcrypt (~> 3.0)
-      orm_adapter (~> 0.1)
-      railties (>= 4.1.0, < 5.1)
-      responders
-      warden (~> 1.2.3)
-
-GEM
-  remote: https://rubygems.org/
-  specs:
-    actioncable (5.0.0.beta3)
-      actionpack (= 5.0.0.beta3)
-      nio4r (~> 1.2)
-      websocket-driver (~> 0.6.1)
-    actionmailer (5.0.0.beta3)
-      actionpack (= 5.0.0.beta3)
-      actionview (= 5.0.0.beta3)
-      activejob (= 5.0.0.beta3)
-      mail (~> 2.5, >= 2.5.4)
-      rails-dom-testing (~> 1.0, >= 1.0.5)
-    actionpack (5.0.0.beta3)
-      actionview (= 5.0.0.beta3)
-      activesupport (= 5.0.0.beta3)
-      rack (~> 2.x)
-      rack-test (~> 0.6.3)
-      rails-dom-testing (~> 1.0, >= 1.0.5)
-      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (5.0.0.beta3)
-      activesupport (= 5.0.0.beta3)
-      builder (~> 3.1)
-      erubis (~> 2.7.0)
-      rails-dom-testing (~> 1.0, >= 1.0.5)
-      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    activejob (5.0.0.beta3)
-      activesupport (= 5.0.0.beta3)
-      globalid (>= 0.3.6)
-    activemodel (5.0.0.beta3)
-      activesupport (= 5.0.0.beta3)
-    activerecord (5.0.0.beta3)
-      activemodel (= 5.0.0.beta3)
-      activesupport (= 5.0.0.beta3)
-      arel (~> 7.0)
-    activesupport (5.0.0.beta3)
-      concurrent-ruby (~> 1.0)
-      i18n (~> 0.7)
-      minitest (~> 5.1)
-      tzinfo (~> 1.1)
-    arel (7.0.0)
-    bcrypt (3.1.11)
-    builder (3.2.2)
-    concurrent-ruby (1.0.1)
-    erubis (2.7.0)
-    faraday (0.9.2)
-      multipart-post (>= 1.2, < 3)
-    globalid (0.3.6)
-      activesupport (>= 4.1.0)
-    hashie (3.4.3)
-    i18n (0.7.0)
-    json (1.8.3)
-    jwt (1.5.1)
-    loofah (2.0.3)
-      nokogiri (>= 1.5.9)
-    mail (2.6.4)
-      mime-types (>= 1.16, < 4)
-    metaclass (0.0.4)
-    method_source (0.8.2)
-    mime-types (3.0)
-      mime-types-data (~> 3.2015)
-    mime-types-data (3.2016.0221)
-    mini_portile2 (2.0.0)
-    minitest (5.8.4)
-    mocha (1.1.0)
-      metaclass (~> 0.0.1)
-    multi_json (1.11.2)
-    multi_xml (0.5.5)
-    multipart-post (2.0.0)
-    nio4r (1.2.1)
-    nokogiri (1.6.7.2)
-      mini_portile2 (~> 2.0.0.rc2)
-    oauth2 (1.1.0)
-      faraday (>= 0.8, < 0.10)
-      jwt (~> 1.0, < 1.5.2)
-      multi_json (~> 1.3)
-      multi_xml (~> 0.5)
-      rack (>= 1.2, < 3)
-    omniauth (1.3.1)
-      hashie (>= 1.2, < 4)
-      rack (>= 1.0, < 3)
-    omniauth-facebook (3.0.0)
-      omniauth-oauth2 (~> 1.2)
-    omniauth-oauth2 (1.4.0)
-      oauth2 (~> 1.0)
-      omniauth (~> 1.2)
-    omniauth-openid (1.0.1)
-      omniauth (~> 1.0)
-      rack-openid (~> 1.3.1)
-    orm_adapter (0.5.0)
-    rack (2.0.0.alpha)
-      json
-    rack-openid (1.3.1)
-      rack (>= 1.1.0)
-      ruby-openid (>= 2.1.8)
-    rack-test (0.6.3)
-      rack (>= 1.0)
-    rails (5.0.0.beta3)
-      actioncable (= 5.0.0.beta3)
-      actionmailer (= 5.0.0.beta3)
-      actionpack (= 5.0.0.beta3)
-      actionview (= 5.0.0.beta3)
-      activejob (= 5.0.0.beta3)
-      activemodel (= 5.0.0.beta3)
-      activerecord (= 5.0.0.beta3)
-      activesupport (= 5.0.0.beta3)
-      bundler (>= 1.3.0, < 2.0)
-      railties (= 5.0.0.beta3)
-      sprockets-rails (>= 2.0.0)
-    rails-controller-testing (0.1.1)
-      actionpack (~> 5.x)
-      actionview (~> 5.x)
-      activesupport (~> 5.x)
-    rails-deprecated_sanitizer (1.0.3)
-      activesupport (>= 4.2.0.alpha)
-    rails-dom-testing (1.0.7)
-      activesupport (>= 4.2.0.beta, < 5.0)
-      nokogiri (~> 1.6.0)
-      rails-deprecated_sanitizer (>= 1.0.1)
-    rails-html-sanitizer (1.0.3)
-      loofah (~> 2.0)
-    railties (5.0.0.beta3)
-      actionpack (= 5.0.0.beta3)
-      activesupport (= 5.0.0.beta3)
-      method_source
-      rake (>= 0.8.7)
-      thor (>= 0.18.1, < 2.0)
-    rake (11.1.2)
-    rdoc (4.2.2)
-      json (~> 1.4)
-    responders (2.1.2)
-      railties (>= 4.2.0, < 5.1)
-    ruby-openid (2.7.0)
-    sprockets (3.6.0)
-      concurrent-ruby (~> 1.0)
-      rack (> 1, < 3)
-    sprockets-rails (3.0.4)
-      actionpack (>= 4.0)
-      activesupport (>= 4.0)
-      sprockets (>= 3.0.0)
-    sqlite3 (1.3.11)
-    thor (0.19.1)
-    thread_safe (0.3.5)
-    tzinfo (1.2.2)
-      thread_safe (~> 0.1)
-    warden (1.2.6)
-      rack (>= 1.0)
-    webrat (0.7.3)
-      nokogiri (>= 1.2.0)
-      rack (>= 1.0)
-      rack-test (>= 0.5.3)
-    websocket-driver (0.6.3)
-      websocket-extensions (>= 0.1.0)
-    websocket-extensions (0.1.2)
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  activemodel-serializers-xml!
-  activerecord-jdbc-adapter
-  activerecord-jdbcsqlite3-adapter
-  devise!
-  jruby-openssl
-  mocha (~> 1.1)
-  oauth2
-  omniauth (~> 1.3)
-  omniauth-facebook
-  omniauth-oauth2 (>= 1.2.0, < 1.5.0)
-  omniauth-openid (~> 1.0.1)
-  rails (= 5.0.0.beta3)
-  rails-controller-testing
-  rdoc
-  responders (~> 2.1.1)
-  sqlite3
-  webrat (= 0.7.3)
-
-BUNDLED WITH
-   1.11.2

lib/devise/failure_app.rb

@@ -135,17 +135,19 @@ module Devise
 
     def scope_url
       opts  = {}
+
+      # Initialize script_name with nil to prevent infinite loops in
+      # authenticated mounted engines in rails 4.2 and 5.0
+      opts[:script_name] = nil
+
       route = route(scope)
+
       opts[:format] = request_format unless skip_format?
 
       config = Rails.application.config
 
-      if config.respond_to?(:relative_url_root)
-        # Rails 4.2 goes into an infinite loop if opts[:script_name] is unset
-        rails_4_2 = (Rails::VERSION::MAJOR >= 4) && (Rails::VERSION::MINOR >= 2)
-        if config.relative_url_root.present? || rails_4_2
-          opts[:script_name] = config.relative_url_root
-        end
+      if config.respond_to?(:relative_url_root) && config.relative_url_root.present?
+        opts[:script_name] = config.relative_url_root
       end
 
       router_name = Devise.mappings[scope].router_name || Devise.available_router_name

test/integration/mounted_engine_test.rb

@@ -0,0 +1,36 @@
+require 'test_helper'
+
+class MyMountableEngine
+  def self.call(env)
+    ['200', { 'Content-Type' => 'text/html' }, ['Rendered content of MyMountableEngine']]
+  end
+end
+
+# If disable_clear_and_finalize is set to true, Rails will not clear other routes when calling
+# again the draw method. Look at the source code at:
+# http://www.rubydoc.info/docs/rails/ActionDispatch/Routing/RouteSet:draw
+Rails.application.routes.disable_clear_and_finalize = true
+
+Rails.application.routes.draw do
+  authenticate(:user) do
+    mount MyMountableEngine, at: '/mountable_engine'
+  end
+end
+
+class AuthenticatedMountedEngineTest < Devise::IntegrationTest
+  test 'redirects to the sign in page when not authenticated' do
+    get '/mountable_engine'
+    follow_redirect!
+
+    assert_response :ok
+    assert_contain 'You need to sign in or sign up before continuing.'
+  end
+
+  test 'renders the mounted engine when authenticated' do
+    sign_in_as_user
+    get '/mountable_engine'
+
+    assert_response :success
+    assert_contain 'Rendered content of MyMountableEngine'
+  end
+end