Ensure customs pass through sessions_controller.

2022-11-09 12:18:31 -05:00 · 2010-04-01 14:00:21 +02:00 · 2010-04-01 14:00:21 +02:00 · 13b8ddf54c
commit 13b8ddf54c
parent 16666b7587
4 changed files with 22 additions and 15 deletions
--- a/app/controllers/devise/sessions_controller.rb
+++ b/app/controllers/devise/sessions_controller.rb
@ -13,11 +13,11 @@ class Devise::SessionsController < ApplicationController

  # POST /resource/sign_in
  def create
-    if resource = authenticate(resource_name)
+    if resource = warden.authenticate(:scope => resource_name)
      set_flash_message :notice, :signed_in
      sign_in_and_redirect(resource_name, resource, true)
    elsif warden.winning_strategy && warden.result != :failure
-      authenticate!
+      throw :warden, :scope => resource_name
    else
      set_now_flash_message :alert, (warden.message || :invalid)
      clean_up_passwords(build_resource)
--- a/lib/devise/controllers/helpers.rb
+++ b/lib/devise/controllers/helpers.rb
@ -23,18 +23,6 @@ module Devise
        false
      end

-      # Attempts to authenticate the given scope by running authentication hooks,
-      # but does not redirect in case of failures.
-      def authenticate(scope)
-        warden.authenticate(:scope => scope)
-      end
-
-      # Attempts to authenticate the given scope by running authentication hooks,
-      # redirecting in case of failures.
-      def authenticate!(scope)
-        warden.authenticate!(:scope => scope)
-      end
-
      # Check if the given scope is signed in session, without running
      # authentication hooks.
      def signed_in?(scope)
--- a/lib/devise/models/database_authenticatable.rb
+++ b/lib/devise/models/database_authenticatable.rb
@ -67,10 +67,11 @@ module Devise
          update_attributes(params)
        else
          self.errors.add(:current_password, current_password.blank? ? :blank : :invalid)
-          self.attributes = params.except(:password, :password_confirmation)
+          self.attributes = params
          false
        end

+        clean_up_passwords
        result
      end

--- a/test/integration/database_authenticatable_test.rb
+++ b/test/integration/database_authenticatable_test.rb
@ -265,6 +265,24 @@ class AuthenticationTest < ActionController::IntegrationTest
    assert_contain 'Welcome to "sessions/new" view!'
  end

+  # Custom strategy invoking custom!
+  test 'custom strategy invoking custom on sign up bevahes as expected' do
+    Warden::Strategies.add(:custom) do
+      def authenticate!
+        custom!([401, {"Content-Type" => "text/html"}, ["Custom strategy"]])
+      end
+    end
+
+    begin
+      Devise.warden_config.default_strategies(:scope => :user).unshift(:custom)
+      sign_in_as_user
+      assert_equal 401, status
+      assert_contain 'Custom strategy'
+    ensure
+      Devise.warden_config.default_strategies(:scope => :user).shift
+    end
+  end
+
  # Access
  test 'render 404 on roles without permission' do
    get '/admin_area/password/new', {}, "action_dispatch.show_exceptions" => true