Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Instead of depending on mapping.controller[:session], make it explici…

…t when we allow auth from params.
  • Loading branch information...
commit 335d36088f5eb108de1df42222483e8d7ed0d8e4 1 parent 0b9a95e
@josevalim josevalim authored
View
1  app/controllers/devise/sessions_controller.rb
@@ -1,5 +1,6 @@
class Devise::SessionsController < ApplicationController
prepend_before_filter :require_no_authentication, :only => [ :new, :create ]
+ before_filter :allow_params_authentication!, :only => :create
include Devise::Controllers::InternalHelpers
# GET /resource/sign_in
View
12 lib/devise/strategies/authenticatable.rb
@@ -85,17 +85,7 @@ def http_auth_hash
# By default, a request is valid if the controller is allowed and the VERB is POST.
def valid_request?
- valid_controller? && valid_verb?
- end
-
- # Check if the controller is the one registered for authentication.
- def valid_controller?
- mapping.controllers[:sessions] == params[:controller]
- end
-
- # Check if it was a POST request.
- def valid_verb?
- request.post?
+ env["devise.allow_params_authentication"]
end
# If the request is valid, finally check if params_auth_hash returns a hash.
Please sign in to comment.
Something went wrong with that request. Please try again.