From 8f71c82774b735da0e2c5753a127516a3feb469c Mon Sep 17 00:00:00 2001
From: Hampton Lintorn-Catlin <hampton@squareup.com>
Date: Tue, 3 Mar 2026 13:04:28 -0500
Subject: [PATCH] Add configurable sign_in_path redirect for unauthenticated
 users

The engine's authenticate_coplan_user! was returning a bare 401 Unauthorized
when the auth callback returned nil. For host apps with a login page (like
this dev host), users should be redirected to sign in instead.

- Add sign_in_path config option to CoPlan::Configuration
- Redirect to sign_in_path when set, fall back to head :unauthorized
- Configure /sign_in in the host app initializer

Amp-Thread-ID: https://ampcode.com/threads/T-019cb4db-952a-7559-9ee4-15fcdd27cb1b
Co-authored-by: Amp <amp@ampcode.com>
---
 config/initializers/coplan.rb                           | 2 ++
 engine/app/controllers/coplan/application_controller.rb | 6 +++++-
 engine/lib/coplan/configuration.rb                      | 2 +-
 3 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/config/initializers/coplan.rb b/config/initializers/coplan.rb
index cd74e00..7b3c37e 100644
--- a/config/initializers/coplan.rb
+++ b/config/initializers/coplan.rb
@@ -1,4 +1,6 @@
 CoPlan.configure do |config|
+  config.sign_in_path = "/sign_in"
+
   config.authenticate = ->(request) {
     user_id = request.session[:user_id]
     return nil unless user_id
diff --git a/engine/app/controllers/coplan/application_controller.rb b/engine/app/controllers/coplan/application_controller.rb
index bd15304..0d9929b 100644
--- a/engine/app/controllers/coplan/application_controller.rb
+++ b/engine/app/controllers/coplan/application_controller.rb
@@ -43,7 +43,11 @@ def authenticate_coplan_user!
 
       attrs = callback.call(request)
       unless attrs && attrs[:external_id].present?
-        head :unauthorized
+        if CoPlan.configuration.sign_in_path
+          redirect_to CoPlan.configuration.sign_in_path, alert: "Please sign in."
+        else
+          head :unauthorized
+        end
         return
       end
 
diff --git a/engine/lib/coplan/configuration.rb b/engine/lib/coplan/configuration.rb
index 0666a92..0600280 100644
--- a/engine/lib/coplan/configuration.rb
+++ b/engine/lib/coplan/configuration.rb
@@ -1,6 +1,6 @@
 module CoPlan
   class Configuration
-    attr_accessor :authenticate
+    attr_accessor :authenticate, :sign_in_path
     attr_accessor :ai_base_url, :ai_api_key, :ai_model
     attr_accessor :error_reporter
     attr_accessor :notification_handler