diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc
index 36f11a2d88..63e30607a8 100644
--- a/CHANGELOG.rdoc
+++ b/CHANGELOG.rdoc
@@ -16,6 +16,7 @@
 * Custom failure apps no longer ignored in test mode (by github.com/jaghion)
 * Do not depend on ActiveModel::Dirty
 * Manual sign_in now triggers remember token
+ * Be sure to halt strategies on failures
 * deprecations
 * Deprecated anybody_signed_in? in favor of signed_in? (by github.com/gavinhughes)
diff --git a/lib/devise/strategies/authenticatable.rb b/lib/devise/strategies/authenticatable.rb
index 0ec708f09f..d9f0faf150 100644
--- a/lib/devise/strategies/authenticatable.rb
+++ b/lib/devise/strategies/authenticatable.rb
@@ -21,6 +21,7 @@ def validate(resource, &block)
 case result
 when String, Symbol
 fail!(result)
+ false
 when TrueClass
 decorate(resource)
 true
diff --git a/lib/devise/strategies/database_authenticatable.rb b/lib/devise/strategies/database_authenticatable.rb
index 24c9db4a8a..447963c54d 100644
--- a/lib/devise/strategies/database_authenticatable.rb
+++ b/lib/devise/strategies/database_authenticatable.rb
@@ -10,7 +10,7 @@ def authenticate!
 if validate(resource){ resource.valid_password?(password) }
 resource.after_database_authentication
 success!(resource)
- else
+ elsif !halted?
 fail(:invalid)
 end
 end
diff --git a/lib/devise/strategies/rememberable.rb b/lib/devise/strategies/rememberable.rb
index d9e87da9c6..e0f7b18ffa 100644
--- a/lib/devise/strategies/rememberable.rb
+++ b/lib/devise/strategies/rememberable.rb
@@ -20,7 +20,7 @@ def authenticate!
 if validate(resource)
 success!(resource)
- else
+ elsif !halted?
 cookies.delete(remember_key)
 pass
 end
diff --git a/lib/devise/strategies/token_authenticatable.rb b/lib/devise/strategies/token_authenticatable.rb
index 122efb399a..1ffc17a4d6 100644
--- a/lib/devise/strategies/token_authenticatable.rb
+++ b/lib/devise/strategies/token_authenticatable.rb
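Review bot: The bare `false` added after `fail!(result)` in `validate` (lib/devise/strategies/authenticatable.rb) is what keeps a caller's `if validate(resource)` out of the success branch, but nothing in the code says so. Without it the `when String, Symbol` arm evaluates to whatever `fail!` returns, which is not visible in this diff and is presumably truthy, so a later cleanup that drops the line as redundant would reopen the path to `success!`. I would put a comment above it such as `# fail! halts the strategy; return false explicitly so callers never treat its return value as success`. No test for a String/Symbol result appears in this diff; one asserting that such a resource is not signed in would pin the behaviour. The body of `validate` starts and ends outside the hunk.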
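Review bot: The `elsif !halted?` guard in `authenticate!` (lib/devise/strategies/database_authenticatable.rb) leaves a silent no-op path when `validate` has already called `fail!`, and the same guard is copied by hand into the rememberable and token_authenticatable hunks. A strategy written later with a plain `else` would presumably overwrite the specific failure reason with its generic one again. A short comment on the branch, e.g. `# validate already halted with its own failure message; do not overwrite it`, would make the contract visible at each of the three sites. The method begins outside the hunk.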
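Review bot: With `elsif !halted?`, `cookies.delete(remember_key)` in `authenticate!` (lib/devise/strategies/rememberable.rb) does not run when `validate` halts the strategy. A remember cookie for a resource that failed validation with a message therefore stays in the browser and is presented again on later requests. If that is not intended, the cleanup can stay unconditional with only the pass guarded: keep `else`, then `cookies.delete(remember_key)`, then `pass unless halted?`. The method begins outside the hunk.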
@@ -20,7 +20,7 @@ def authenticate!
 if validate(resource)
 resource.after_token_authentication
 success!(resource)
- else
+ elsif !halted?
 fail(:invalid_token)
 end
 end