Merge pull request heartcombo#1211 from mathieuravaux/master

Issue heartcombo#1206 fix ((TokenAuthenticatable#params_auth_hash behavior)
iros · Jul 25, 2011 · b7b21a0 · b7b21a0
2 parents 4ce9d6f + 4d91fb4
commit b7b21a0
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 1 deletion.
diff --git a/lib/devise/strategies/token_authenticatable.rb b/lib/devise/strategies/token_authenticatable.rb
@@ -39,7 +39,11 @@ def remember_me?
 
       # Try both scoped and non scoped keys.
       def params_auth_hash
-        params[scope] || params
+        if params[scope].kind_of?(Hash) && params[scope].has_key?(authentication_keys.first)
+          params[scope]
+        else
+          params
+        end
       end
 
       # Overwrite authentication keys to use token_authentication_key.

diff --git a/test/integration/token_authenticatable_test.rb b/test/integration/token_authenticatable_test.rb
@@ -13,6 +13,17 @@ class TokenAuthenticationTest < ActionController::IntegrationTest
     end
   end
 
+  test 'authenticate with valid authentication token key and value through params, when params with the same key as scope exist' do
+    swap Devise, :token_authentication_key => :secret_token do
+      user = create_user_with_authentication_token
+      post exhibit_user_path(user), Devise.token_authentication_key => user.authentication_token, :user => { :some => "data" }
+
+      assert_response :success
+      assert_contain 'User is authenticated'
+      assert warden.authenticated?(:user)
+    end
+  end
+
   test 'authenticate with valid authentication token key but does not store if stateless' do
     swap Devise, :token_authentication_key => :secret_token, :stateless_token => true do
       sign_in_as_new_user_with_token