Permalink
Browse files

Work around AR that does not call serializable_hash on to_xml.

  • Loading branch information...
1 parent 6a8ee47 commit 07db04e77313918f568d43f2401e53cafed696c6 @josevalim josevalim committed Jun 29, 2011
Showing with 14 additions and 8 deletions.
  1. +1 −0 CHANGELOG.rdoc
  2. +12 −7 lib/devise/models/authenticatable.rb
  3. +1 −1 test/integration/registerable_test.rb
View
@@ -6,6 +6,7 @@
* Better localization for devise_error_messages! (by github.com/zedtux)
* bug fix
+ * Ensure to_xml is properly white listened
* Ensure handle_unverified_request clean up any cached signed-in user
== 1.4.0
@@ -76,13 +76,18 @@ def inactive_message
def authenticatable_salt
end
- def serializable_hash(options={})
- if self.class.respond_to?(:accessible_attributes)
- options = { :only => self.class.accessible_attributes.to_a }.merge(options || {})
- super(options)
- else
- super
- end
+ # TODO: to_xml does not call serializable_hash. Hopefully someone will fix this in AR.
+ %w(to_xml serializable_hash).each do |method|
+ class_eval <<-RUBY, __FILE__, __LINE__
+ def #{method}(options={})
+ if self.class.respond_to?(:accessible_attributes)
+ options = { :only => self.class.accessible_attributes.to_a }.merge(options || {})
+ super(options)
+ else
+ super
+ end
+ end
+ RUBY
end
module ClassMethods
@@ -211,7 +211,7 @@ class RegistrationTest < ActionController::IntegrationTest
get new_user_registration_path(:format => 'xml')
assert_response :success
assert_match %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>), response.body
- assert_no_match(/<confirmation_token>/, response.body) if DEVISE_ORM == :active_record
+ assert_no_match(/<confirmation-token/, response.body) if DEVISE_ORM == :active_record
end
test 'a user with JSON sign up stub' do

0 comments on commit 07db04e

Please sign in to comment.