Instead of depending on mapping.controller[:session], make it explici…

…t when we allow auth from params.
heartcombo · Sep 14, 2011 · 335d360 · 335d360
1 parent 0b9a95e
commit 335d360
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 11 deletions.
diff --git a/app/controllers/devise/sessions_controller.rb b/app/controllers/devise/sessions_controller.rb
@@ -1,5 +1,6 @@
 class Devise::SessionsController < ApplicationController
   prepend_before_filter :require_no_authentication, :only => [ :new, :create ]
+  before_filter :allow_params_authentication!, :only => :create
   include Devise::Controllers::InternalHelpers
 
   # GET /resource/sign_in

diff --git a/lib/devise/strategies/authenticatable.rb b/lib/devise/strategies/authenticatable.rb
@@ -85,17 +85,7 @@ def http_auth_hash
 
       # By default, a request is valid  if the controller is allowed and the VERB is POST.
       def valid_request?
-        valid_controller? && valid_verb?
-      end
-
-      # Check if the controller is the one registered for authentication.
-      def valid_controller?
-        mapping.controllers[:sessions] == params[:controller]
-      end
-
-      # Check if it was a POST request.
-      def valid_verb?
-        request.post?
+        env["devise.allow_params_authentication"]
       end
 
       # If the request is valid, finally check if params_auth_hash returns a hash.