#340 Restrict access to controllers methods

[gkopylov]

DeviseTokenAuth::OmniauthCallbacksController#omniauth_params is still need to be restricted but we need to create appropriate tests for this.

[nbrustein]

@gkopylov is there a reason you did not also make omniauth_params a protected method? (in omniauth_callbacks_controller)

[gkopylov]

@nbrustein because it will raise an error for this test for example https://github.com/lynndylanhurley/devise_token_auth/blob/master/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb#L75

So, becase of this I have written:

but we need to create appropriate tests for this

[nbrustein]

I see. How would you feel about using controller.send(:omniauth_params) in the test. Doesn't seem to crazy to me.

[gkopylov]

It is a bit hackish but I think it is fair enough too.

Anyway I think it is better to handle token authorization by yourself(at least at the current moment) :-)

[booleanbetrayal]

This all looks good to me! 👍