Changing authentication method to redirect inside rails and not warden strategy anymore. Updating session to authenticate the user and set it to warden.

app/controllers/confirmations_controller.rb

@@ -11,7 +11,7 @@ class ConfirmationsController < ApplicationController
   def create
     @confirmation = resource_class.send_confirmation_instructions(params[:confirmation])
     if @confirmation.errors.empty?
-      flash[:notice] = I18n.t(:send_instructions, :scope => [:devise, :confirmations], :default => 'You will receive an email with instructions about how to confirm your account in a few minutes.')
+      flash[:success] = I18n.t(:send_instructions, :scope => [:devise, :confirmations], :default => 'You will receive an email with instructions about how to confirm your account in a few minutes.')
       redirect_to new_session_path
     else
       render :new
@@ -23,7 +23,7 @@ class ConfirmationsController < ApplicationController
   def show
     @confirmation = resource_class.confirm!(:perishable_token => params[:perishable_token])
     if @confirmation.errors.empty?
-      flash[:notice] = I18n.t(:confirm, :scope => [:devise, :confirmations], :default => 'Your account was successfully confirmed!')
+      flash[:success] = I18n.t(:confirm, :scope => [:devise, :confirmations], :default => 'Your account was successfully confirmed!')
       redirect_to new_session_path
     else
       render :new

app/controllers/passwords_controller.rb

@@ -12,7 +12,7 @@ class PasswordsController < ApplicationController
   def create
     self.resource = resource_class.send_reset_password_instructions(params[resource_name])
     if resource.errors.empty?
-      flash[:notice] = I18n.t(:send_instructions, :scope => [:devise, :passwords], :default => 'You will receive an email with instructions about how to reset your password in a few minutes.')
+      flash[:success] = I18n.t(:send_instructions, :scope => [:devise, :passwords], :default => 'You will receive an email with instructions about how to reset your password in a few minutes.')
       redirect_to new_session_path
     else
       render :new
@@ -31,7 +31,7 @@ class PasswordsController < ApplicationController
   def update
     self.resource = resource_class.reset_password!(params[resource_name])
     if resource.errors.empty?
-      flash[:notice] = I18n.t(:update, :scope => [:devise, :passwords], :default => 'Your password was changed successfully.')
+      flash[:success] = I18n.t(:update, :scope => [:devise, :passwords], :default => 'Your password was changed successfully.')
       redirect_to new_session_path
     else
       render :edit

app/controllers/sessions_controller.rb

@@ -10,10 +10,12 @@ class SessionsController < ApplicationController
   # POST /session
   #
   def create
-    if authenticate
-      flash[:notice] = I18n.t(:signed_in, :scope => [:devise, :sessions], :default => 'Signed in successfully.')
+    if user = resource_class.authenticate(params[:session][:email], params[:session][:password]) #authenticate
+      self.current_user = user
+      flash[:success] = I18n.t(:signed_in, :scope => [:devise, :sessions], :default => 'Signed in successfully.')
       redirect_to root_path
     else
+      flash.now[:failure] = I18n.t(:authentication_failed, :scope => [:devise, :sessions], :default => 'Invalid email or password.')
       render :new
     end
   end
@@ -22,7 +24,7 @@ class SessionsController < ApplicationController
   #
   def destroy
     logout
-    flash[:notice] = I18n.t(:signed_out, :scope => [:devise, :sessions], :default => 'Signed out successfully.')
+    flash[:success] = I18n.t(:signed_out, :scope => [:devise, :sessions], :default => 'Signed out successfully.')
     redirect_to new_session_path
   end
 end

app/views/sessions/new.html.erb

@@ -1,7 +1,5 @@
 <h2><%= t '.title', :default => 'Sign in', :scope => :devise %></h2>
 
-<%= warden.message if warden.message.present? %>
-
 <% form_for :session, :url => session_path do |f| -%>
   <p><%= f.label :email %></p>
   <p><%= f.text_field :email %></p>

lib/devise/controllers/authenticable.rb

@@ -48,16 +48,10 @@ module Devise
         warden.logout(*args)
       end
 
-      # Proxy to the authenticate method on warden
-      #
-      def authenticate(*args)
-        warden.authenticate(*args)
-      end
-
-      # Proxy to the authenticate method on warden
+      # Verify authenticated user and redirect to sign in if no authentication is found
       #
       def authenticate!(*args)
-        warden.authenticate!(*args)
+        redirect_to new_session_path unless authenticated?
       end
 
       # Helper for use in before_filters where no authentication is required:

lib/devise/initializers/warden.rb

@@ -47,14 +47,6 @@ Warden::Manager.serialize_from_session do |klass, id|
   klass.find(id)
 end
 
-# Adds RailsWarden Manager to Rails middleware stack, configuring default devise
-# strategy and also the controller who will manage not authenticated users.
-#
-Rails.configuration.middleware.use Warden::Manager do |manager|
-  manager.default_strategies :devise
-  manager.failure_app = SessionsController
-end
-
 # Default strategy for signing in a user, based on his email and password.
 # If no email and no password are present, no authentication is tryed.
 #
@@ -63,20 +55,32 @@ Warden::Strategies.add(:devise) do
   # Validate params before authenticating a user. If both email and password are
   # not present, no authentication is attempted.
   #
-  def valid?
-    params[:session] ||= {}
-    params[:session][:email].present? && params[:session][:password].present?
-  end
+#  def valid?
+#    params[:session] ||= {}
+#    params[:session][:email].present? && params[:session][:password].present?
+#  end
 
   # Authenticate a user based on email and password params, returning to warden
   # success and the authenticated user if everything is okay. Otherwise tell
   # warden the authentication was failed.
   #
   def authenticate!
-    if user = Devise.resource_class(request.path).authenticate(params[:session][:email], params[:session][:password])
-      success!(user)
-    else
-      fail!(I18n.t(:authentication_failed, :scope => [:devise, :sessions], :default => 'Invalid email or password'))
-    end
+    pass
+#    if params[:session] && user = Devise.resource_class(request.path).authenticate(params[:session][:email], params[:session][:password])
+#      success!(user)
+#    else
+#      pass
+#      redirect!('/users/session/new')
+#      throw :warden
+#      fail!(I18n.t(:authentication_failed, :scope => [:devise, :sessions], :default => 'Invalid email or password'))
+#    end
   end
 end
+
+# Adds Warden Manager to Rails middleware stack, configuring default devise
+# strategy and also the controller who will manage not authenticated users.
+#
+Rails.configuration.middleware.use Warden::Manager do |manager|
+  manager.default_strategies :devise
+  manager.failure_app = SessionsController
+end

test/controllers/authenticable_test.rb

@@ -24,16 +24,6 @@ class ControllerAuthenticableTest < ActionController::TestCase
     assert_equal @controller.warden, @controller.env['warden']
   end
 
-  test 'run authenticate on warden' do
-    @mock_warden.expects(:authenticate).returns(true)
-    @controller.authenticate
-  end
-
-  test 'run authenticate! on warden' do
-    @mock_warden.expects(:authenticate!).returns(true)
-    @controller.authenticate!
-  end
-
   test 'run authenticate? on warden' do
     @mock_warden.expects(:authenticated?).returns(true)
     @controller.authenticated?

test/integration/authentication_test.rb

@@ -50,8 +50,8 @@ class AuthenticationTest < ActionController::IntegrationTest
   test 'not authenticated user should not be able to sign out' do
     delete 'users/session'
 
-    assert_response :success
-    assert_template 'sessions/new'
+    assert_response :redirect
+    assert_redirected_to new_user_session_path
     assert !warden.authenticated?
   end