
Instead of depending on mapping.controller[:session], make it explicit when we allow auth from params.
1 parent 0b9a95e commit 335d36088f5eb108de1df42222483e8d7ed0d8e4 @josevalim josevalim committed
Showing with 2 additions and 11 deletions.
  1. +1 −0 app/controllers/devise/sessions_controller.rb
  2. +1 −11 lib/devise/strategies/authenticatable.rb
1 app/controllers/devise/sessions_controller.rb
@@ -1,5 +1,6 @@
class Devise::SessionsController < ApplicationController
prepend_before_filter :require_no_authentication, :only => [ :new, :create ]
+ before_filter :allow_params_authentication!, :only => :create
include Devise::Controllers::InternalHelpers
# GET /resource/sign_in
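Review bot: `allow_params_authentication!` is not defined anywhere in this diff, and the new `before_filter` line is now the only thing that enables params authentication for `create`, so that contract needs to be documented where the helper lives. Any application that swaps in its own sessions controller has to declare the same filter or sign-in from params will stop working for it. Ordering also deserves a check: `require_no_authentication` is registered with `prepend_before_filter` and therefore runs before this filter, so if it ever triggers an authentication attempt on `create`, the flag will not be set yet. Keeping `:only => :create` is the right scope, since the flag should not be set on `new`.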
12 lib/devise/strategies/authenticatable.rb
@@ -85,17 +85,7 @@ def http_auth_hash
# By default, a request is valid if the controller is allowed and the VERB is POST.
def valid_request?
- valid_controller? && valid_verb?
- end
-
- # Check if the controller is the one registered for authentication.
- def valid_controller?
- mapping.controllers[:sessions] == params[:controller]
- end
-
- # Check if it was a POST request.
- def valid_verb?
- request.post?
+ env["devise.allow_params_authentication"]
end
# If the request is valid, finally check if params_auth_hash returns a hash.
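Review bot: the comment above `valid_request?` still says a request is valid "if the controller is allowed and the VERB is POST", but the new body only reads `env["devise.allow_params_authentication"]`, so the comment is stale and the POST check is gone from the strategy. With `valid_verb?` removed, any controller action that sets the flag accepts credentials from params on any verb, including GET, where they would end up in query strings and request logs. Either keep the verb check here, for example `env["devise.allow_params_authentication"] && request.post?`, or update the comment to state that restricting the verb is now the responsibility of whoever sets the flag. Also note that the method now returns `nil` rather than `false` when the key is unset, which is fine for truthiness checks but worth confirming against any caller that compares the result explicitly.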
