Permalink
View
5 CHANGELOG.rdoc
@@ -1,3 +1,8 @@
+== 1.4.7
+
+* bug fix
+ * Fix backward incompatible change from 1.4.6 for those using custom controllers
+
== 1.4.6
* enhancements
View
2 app/controllers/devise/sessions_controller.rb
@@ -1,6 +1,6 @@
class Devise::SessionsController < ApplicationController
prepend_before_filter :require_no_authentication, :only => [ :new, :create ]
- before_filter :allow_params_authentication!, :only => :create
+ prepend_before_filter :allow_params_authentication!, :only => :create
include Devise::Controllers::InternalHelpers
# GET /resource/sign_in
View
1 lib/devise/rails/routes.rb
@@ -182,7 +182,6 @@ def devise_for(*resources)
options[:path_names] = (@scope[:path_names] || {}).merge(options[:path_names] || {})
options[:constraints] = (@scope[:constraints] || {}).merge(options[:constraints] || {})
options[:defaults] = (@scope[:defaults] || {}).merge(options[:defaults] || {})
-
@scope[:options] = (@scope[:options] || {}).merge({:format => false}) if options[:format] == false
resources.map!(&:to_sym)
View
12 lib/devise/strategies/authenticatable.rb
@@ -85,7 +85,17 @@ def http_auth_hash
# By default, a request is valid if the controller is allowed and the VERB is POST.
def valid_request?
- env["devise.allow_params_authentication"]
+ if env["devise.allow_params_authentication"]
+ true
+ elsif request.post? && mapping.controllers[:sessions] == params[:controller]
+ ActiveSupport::Deprecation.warn "It seems that you are using a custom SessionsController. " \
+ "In order for it to work from Devise 1.4.6 forward, you need to add the following:" \
+ "\n\n prepend_before_filter :allow_params_authentication!, :only => :create\n\n" \
+ "This will ensure your controller can authenticate from params for the create action.", caller
+ true
+ else
+ false
+ end
end
# If the request is valid, finally check if params_auth_hash returns a hash.

0 comments on commit ab9d856

Please sign in to comment.