… format) when Rails flash feature is not enabled (i.e.: when using rails-api).
Code cleanup for returning headers instead of an empty string when destroying sessions. Lines 464 and 471 on test/integration/autenticatable_test.rb were adjusted to assert on :no_content
…iggering `ActiveModel::MassAssignmentSecurity::Error` when `ActiveRecord::Base.mass_assignment_sanitizer` is set to `:strict`. Fixes #1729.
It was impossible to accomplish this by providing a custom #after_sign_out_path_for in ApplicationController because the session gets destroyed before it is called. Furthermore, resource_return_to is now used by default if it exists, so users won't have to provide a custom #after_sign_out_path_for in that case.
…ny value is stored in it
…t when we allow auth from params.
This time with tests
…reuse the request_format logic from FailureApp.
…al formats such as JSON and XML Signed-off-by: José Valim <email@example.com>
This will make Devise::SessionsController return the authenticated object in the requested format instead of redirect the client to another page upon success authentication.
…as moved to a middleware in Rails 3.
…. Whenever Warden is invoked with a :recall, the failure app will recall the chosen controller and the action given to recall.