Fix double render in ApplicationController auth callbacks

JuanVqz · claude · JuanVqz · commit c008034795a3 · 2026-03-05T18:26:05.000-06:00
Both check_user_token and check_session_expiry rendered the login view
without returning, causing the action to continue executing and Rails to
raise AbstractController::DoubleRenderError on every unauthenticated or
expired-session request.

Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -7,17 +7,15 @@ class ApplicationController < ActionController::Base
   private
 
   def check_user_token
-    unless session[:user_token]
-      render "puzzles/login"
-    end
+    render "puzzles/login" and return unless session[:user_token]
   end
 
   def check_session_expiry
     if session[:expires_at].present? && Time.current > session[:expires_at]
       reset_session
-      render "puzzles/login"
-    else
-      session[:expires_at] = 1.hour.from_now
+      render "puzzles/login" and return
     end
+
+    session[:expires_at] = 1.hour.from_now
   end
 end
diff --git a/test/controllers/puzzles_controller_test.rb b/test/controllers/puzzles_controller_test.rb
@@ -7,6 +7,12 @@ class PuzzlesControllerTest < ActionDispatch::IntegrationTest
     assert_response :success
   end
 
+  test "unauthenticated request renders login page" do
+    get puzzles_path
+    assert_response :success
+    assert_match "login", response.body.downcase
+  end
+
   test "should show error message when editing puzzle with invalid data" do
     puzzle = puzzles(:one)
 
