We should only use _url when changing the host, otherwise _path is better (rails#53445)

dhh · web-flow · commit ac9896491036 · 2024-10-24T17:30:34.000-07:00
diff --git a/railties/lib/rails/generators/rails/authentication/templates/app/controllers/concerns/authentication.rb.tt b/railties/lib/rails/generators/rails/authentication/templates/app/controllers/concerns/authentication.rb.tt
@@ -33,7 +33,7 @@ module Authentication
 
     def request_authentication
       session[:return_to_after_authenticating] = request.url
-      redirect_to new_session_url
+      redirect_to new_session_path
     end
 
     def after_authentication_url
diff --git a/railties/lib/rails/generators/rails/authentication/templates/app/controllers/passwords_controller.rb.tt b/railties/lib/rails/generators/rails/authentication/templates/app/controllers/passwords_controller.rb.tt
@@ -10,24 +10,24 @@ class PasswordsController < ApplicationController
       PasswordsMailer.reset(user).deliver_later
     end
 
-    redirect_to new_session_url, notice: "Password reset instructions sent (if user with that email address exists)."
+    redirect_to new_session_path, notice: "Password reset instructions sent (if user with that email address exists)."
   end
 
   def edit
   end
 
   def update
     if @user.update(params.permit(:password, :password_confirmation))
-      redirect_to new_session_url, notice: "Password has been reset."
+      redirect_to new_session_path, notice: "Password has been reset."
     else
-      redirect_to edit_password_url(params[:token]), alert: "Passwords did not match."
+      redirect_to edit_password_path(params[:token]), alert: "Passwords did not match."
     end
   end
 
   private
     def set_user_by_token
       @user = User.find_by_password_reset_token!(params[:token])
     rescue ActiveSupport::MessageVerifier::InvalidSignature
-      redirect_to new_password_url, alert: "Password reset link is invalid or has expired."
+      redirect_to new_password_path, alert: "Password reset link is invalid or has expired."
     end
 end
diff --git a/railties/lib/rails/generators/rails/authentication/templates/app/controllers/sessions_controller.rb.tt b/railties/lib/rails/generators/rails/authentication/templates/app/controllers/sessions_controller.rb.tt
@@ -10,12 +10,12 @@ class SessionsController < ApplicationController
       start_new_session_for user
       redirect_to after_authentication_url
     else
-      redirect_to new_session_url, alert: "Try another email address or password."
+      redirect_to new_session_path, alert: "Try another email address or password."
     end
   end
 
   def destroy
     terminate_session
-    redirect_to new_session_url
+    redirect_to new_session_path
   end
 end
