Fix user serialization issues under Rails 7.0.3

Author: dmolesUC

app/controllers/sessions_controller.rb

@@ -10,7 +10,8 @@ def index
   def callback
     logger.debug({ msg: 'Received omniauth callback', omniauth: auth_hash })
 
-    session[User::SESSION_KEY] = User.from_omniauth(auth_hash)
+    user = User.from_omniauth(auth_hash)
+    session[User::SESSION_KEY] = user.serializable_hash
     redirect_to(omniauth_origin, allow_other_host: true)
   end
 

app/models/user.rb

@@ -1,4 +1,6 @@
 class User
+  include ActiveModel::Model
+  include ActiveModel::Attributes
   include ActiveModel::Serialization
   include BerkeleyLibrary::Logging
 
@@ -18,27 +20,24 @@ class User
   # Accessors
 
   # @return [String]
-  attr_reader :uid
+  attribute :uid, :string
 
   # @return [String]
-  attr_reader :display_name
+  attribute :display_name, :string
 
   # @return [String] The user's email address.
-  attr_reader :email
+  attribute :email, :string
 
   # @return [Boolean] True if the user is a GALC administrator, false otherwise.
-  attr_reader :galc_admin
+  attribute :galc_admin, :boolean
 
   alias galc_admin? galc_admin
 
   # ------------------------------------------------------------
   # Initializer
 
   def initialize(uid: nil, display_name: nil, email: nil, galc_admin: false)
-    @uid = uid
-    @display_name = display_name
-    @email = email
-    @galc_admin = galc_admin
+    super
   end
 
   # ------------------------------------------------------------
@@ -67,11 +66,6 @@ def from_session(session)
     def galc_admin?(cal_groups)
       cal_groups && cal_groups.include?(GALC_ADMIN_GROUP)
     end
-
-    def attribute_names
-      # Hack to leverage ActiveModel::Serialization#attribute_names
-      @attribute_names ||= User.new.attribute_names
-    end
   end
 
   # ------------------------------------------------------------
@@ -81,15 +75,4 @@ def attribute_names
   def authenticated?
     !uid.nil?
   end
-
-  # ------------------------------
-  # ActiveModel::Serialization
-
-  # Default attribute hash. Used by ActiveModel::Serialization to
-  # implement `#attribute_names` and `#serializable_hash`.
-  #
-  # @return [Hash<String, Object>] a hash of default attribute values
-  def attributes
-    SERIALIZED_ATTRS.stringify_keys
-  end
 end

spec/models/user_spec.rb

@@ -76,4 +76,16 @@
       end
     end
   end
+
+  describe :serializable_hash do
+    it 'serializes the user' do
+      attrs = { uid: '5551213', display_name: 'Natalie Noe', email: '[email protected]', galc_admin: true }
+
+      user = User.new(**attrs)
+      expected_hash = attrs.transform_keys(&:to_s)
+
+      expect(user.serializable_hash).to eq(expected_hash)
+    end
+  end
+
 end

spec/requests/sessions_spec.rb

@@ -79,24 +79,26 @@ def callback_url_from_cas_redirect(loc)
       it 'initializes a user from the auth response and stores it in the session' do
         post login_path, params: { origin: origin_url }
 
-        user = session[User::SESSION_KEY]
-        expect(user).to be_nil # just to be sure
+        user_attrs = session[User::SESSION_KEY]
+        expect(user_attrs).to be_nil # just to be sure
 
         # NOTE: We can't use follow_redirect! b/c the Rack::Test mock client
         #       thinks all requests are local; so we just pretend we hit the
         #       CAS login URL and it redirected the browser back here.
         get callback_url_from_cas_redirect(response.headers['Location'])
 
-        user = session[User::SESSION_KEY]
-        expect(user).to be_a(User)
-        {
+        expected_attrs = {
           uid: '5551215',
           display_name: 'Rachel Roe',
           email: '[email protected]',
           galc_admin: true
-        }.each do |attr, v_expected|
+        }.with_indifferent_access
+
+        user = User.from_session(session)
+
+        expected_attrs.each do |attr, v_expected|
           v_actual = user.send(attr)
-          expect(v_actual).to eq(v_expected), "Wrong value for #{attr}; expected #{v_expected}, was #{v_actual}"
+          expect(v_actual).to eq(v_expected), "Wrong value for #{attr}; expected #{v_expected.inspect}, was #{v_actual.inspect}"
         end
 
         expect(response).to redirect_to(origin_url)