Permalink
Browse files

Fix optional enforcement of particular authentication keys

Documentation states that authentication_keys should accept a hash with
values indicating whether or not each key is required. This was added in
b2066cc but tests only covered request_keys, and 29afe2d later broke
it with a << array operator.
  • Loading branch information...
ches committed Aug 6, 2011
1 parent 6448490 commit 3cedba1de8345b5f5f9055acd5513e893ed8d497
Showing with 23 additions and 4 deletions.
  1. +6 −4 app/controllers/devise/sessions_controller.rb
  2. +17 −0 test/integration/authenticatable_test.rb
@@ -38,8 +38,10 @@ def destroy
protected
def stub_options(resource)
- array = resource_class.authentication_keys.dup
- array << :password if resource.respond_to?(:password)
- { :methods => array, :only => [:password] }
+ methods = resource_class.authentication_keys.dup
+ methods = methods.keys if methods.is_a?(Hash)
+ methods << :password if resource.respond_to?(:password)
+ { :methods => methods, :only => [:password] }
end
-end
+end
+
@@ -454,6 +454,23 @@ class AuthenticationOthersTest < ActionController::IntegrationTest
end
end
+class AuthenticationKeysTest < ActionController::IntegrationTest
+ test 'missing authentication keys cause authentication to abort' do
+ swap Devise, :authentication_keys => [:subdomain] do
+ sign_in_as_user
+ assert_contain "Invalid email or password."
+ assert_not warden.authenticated?(:user)
+ end
+ end
+
+ test 'missing authentication keys cause authentication to abort unless marked as not required' do
+ swap Devise, :authentication_keys => { :email => true, :subdomain => false } do
+ sign_in_as_user
+ assert warden.authenticated?(:user)
+ end
+ end
+end
+
class AuthenticationRequestKeysTest < ActionController::IntegrationTest
test 'request keys are used on authentication' do
host! 'foo.bar.baz'

0 comments on commit 3cedba1

Please sign in to comment.