Dont save sessions with a ! during automatic session maintenance

binarylogic · Mar 23, 2009 · 9078901 · 9078901
1 parent 2a8e080
commit 9078901
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 3 deletions.
diff --git a/README.rdoc b/README.rdoc
@@ -54,9 +54,9 @@ These modules are for the acts_as_authentic method you call in your model. It co
 * Authlogic::ActsAsAuthentic::PerishableToken - Handles maintaining the perishable token field, also provides a class level method for finding record using the token.
 * Authlogic::ActsAsAuthentic::PersistenceToken - Handles maintaining the persistence token. This is the token stored in cookies and sessions to persist the users session.
 * Authlogic::ActsAsAuthentic::RestfulAuthentication - Provides configuration options to easily migrate from the restful_authentication plugin.
-* Authlogic::ActsAsAuthentic::Scope - Allows you to scope validations, etc. Just like the :scope option for validates_uniqueness_of
 * Authlogic::ActsAsAuthentic::SessionMaintenance - Handles automatically logging the user in. EX: a new user registers, automatically log them in.
 * Authlogic::ActsAsAuthentic::SingleAccessToken - Handles maintaining the single access token.
+* Authlogic::ActsAsAuthentic::ValidationsScope - Allows you to scope validations, etc. Just like the :scope option for validates_uniqueness_of
 
 === Authlogic::Session sub modules
 
@@ -222,7 +222,7 @@ Here are some common next steps. They might or might not apply to you. For a com
 8. Need to internationalize your app? See Authlogic::I18n
 9. Need help testing? See the Authlogic::Testing
 
-== Interesting in how it works?
+== Interested in how it works?
 
 Interested in how all of this all works? Basically a before filter is automatically set in your controller which lets Authlogic know about the current controller object. This "activates" Authlogic and allows Authlogic to set sessions, cookies, login via basic http auth, etc. If you are using your framework in a multiple thread environment, don't worry. I kept that in mind and made this thread safe.
 

diff --git a/lib/authlogic/acts_as_authentic/session_maintenance.rb b/lib/authlogic/acts_as_authentic/session_maintenance.rb
@@ -98,7 +98,7 @@ def create_session
             # We only want to automatically login into the first session, since this is the main session. The other sessions are sessions
             # that need to be created after logging into the main session.
             session_id = session_ids.first
-            session_class.create!(*[self, self, session_id].compact)
+            session_class.create(*[self, self, session_id].compact)
 
             return true
           end

diff --git a/test/acts_as_authentic_test/session_maintenance_test.rb b/test/acts_as_authentic_test/session_maintenance_test.rb
@@ -6,6 +6,14 @@ def test_login_after_create
       assert User.create(:login => "awesome", :password => "saweet", :password_confirmation => "saweet", :email => "awesome@awesome.com")
       assert UserSession.find
     end
+
+    def test_updating_session_with_failed_magic_state
+      ben = users(:ben)
+      ben.confirmed = false
+      ben.password = "newpass"
+      ben.password_confirmation = "newpass"
+      assert ben.save
+    end
 
     def test_update_session_after_password_modify
       ben = users(:ben)