From fd510915bcb4ee5856266060d413a9b9a5002b6c Mon Sep 17 00:00:00 2001
From: Chris Gunther <chris@room118solutions.com>
Date: Sat, 1 Mar 2025 14:27:40 -0500
Subject: [PATCH] Set `attempted_path` in `warden.options` before calling
 failure app in controller test helpers

In controller tests, the failure app seems to be called directly rather
than going through Warden. As such, it duplicates some of the set up
Warden does before calling the failure app, however didn't set
`attempted_path`, like Warden does. Therefore, if your custom failure
app relied on `attempted_path`, it wouldn't be set in your controller
tests, leading to different behavior in tests versus production.

This now brings the test helper closer in-line with the Warden
implementation.

https://github.com/wardencommunity/warden/blob/67f5ba6baaa7564ec79afef02cf3a4d0f7d312e5/lib/warden/manager.rb#L138-L143
---
 CHANGELOG.md                          |  1 +
 lib/devise/test/controller_helpers.rb |  1 +
 test/test/controller_helpers_test.rb  | 13 +++++++++++++
 3 files changed, 15 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 28c1240b9..9c80ae17e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -33,6 +33,7 @@
     so it's possible to override `password_length` at runtime. (@manojmj92)
 * bug fixes
   * Make `Devise` work without `ActionMailer` when `Zeitwerk` autoloader is used.
+  * Set `attempted_path` in `warden.options` before calling failure app in controller test helpers.
 
 Please check [4-stable](https://github.com/heartcombo/devise/blob/4-stable/CHANGELOG.md)
 for previous changes.
diff --git a/lib/devise/test/controller_helpers.rb b/lib/devise/test/controller_helpers.rb
index aba2bb448..39fd5010e 100644
--- a/lib/devise/test/controller_helpers.rb
+++ b/lib/devise/test/controller_helpers.rb
@@ -135,6 +135,7 @@ def _process_unauthenticated(env, options = {})
         when :custom
           proxy.custom_response
         else
+          options.merge!(:attempted_path => ::Rack::Request.new(env).fullpath)
           request.env["PATH_INFO"] = "/#{options[:action]}"
           request.env["warden.options"] = options
           Warden::Manager._run_callbacks(:before_failure, env, options)
diff --git a/test/test/controller_helpers_test.rb b/test/test/controller_helpers_test.rb
index 7ba9f3c67..be3507f3b 100644
--- a/test/test/controller_helpers_test.rb
+++ b/test/test/controller_helpers_test.rb
@@ -95,6 +95,19 @@ def respond
     end
   end
 
+  test "sets attempted_path in warden.options" do
+    custom_failure_app = Class.new(Devise::FailureApp) do
+      def redirect_url
+        attempted_path
+      end
+    end
+
+    swap Devise.warden_config, failure_app: custom_failure_app do
+      get :index
+      assert_redirected_to "/users"
+    end
+  end
+
   test "returns the body of a failure app" do
     get :index