diff --git a/lib/devise/hooks/confirmable.rb b/lib/devise/hooks/confirmable.rb
index ef29fce7..6727bb96 100644
--- a/lib/devise/hooks/confirmable.rb
+++ b/lib/devise/hooks/confirmable.rb
@@ -2,10 +2,10 @@
 # This is done by checking the time frame the user is able to sign in without
 # confirming it's account. If the user has not confirmed it's account during
 # this time frame, he/she will not able to sign in anymore.
-Warden::Manager.after_set_user do |record, auth, options|
+Warden::Manager.after_set_user do |record, warden, options|
   if record && record.respond_to?(:active?) && !record.active?
     scope = options[:scope]
-    auth.logout(scope)
+    warden.logout(scope)
     throw :warden, :scope => scope, :params => { :unconfirmed => true }
   end
 end
diff --git a/lib/devise/hooks/rememberable.rb b/lib/devise/hooks/rememberable.rb
index c3b7bf9e..4293dc9d 100644
--- a/lib/devise/hooks/rememberable.rb
+++ b/lib/devise/hooks/rememberable.rb
@@ -3,15 +3,17 @@
 # that specific user and adds a cookie with this user info to sign in this user
 # automatically without asking for credentials. Refer to rememberable strategy
 # for more info.
-Warden::Manager.after_authentication do |record, auth, options|
+Warden::Manager.after_authentication do |record, warden, options|
   scope = options[:scope]
-  remember_me = auth.params[scope].try(:fetch, :remember_me, nil)
+  remember_me = warden.params[scope].try(:fetch, :remember_me, nil)
   if Devise::TRUE_VALUES.include?(remember_me) && record.respond_to?(:remember_me!)
     record.remember_me!
-    auth.cookies['remember_token'] = {
+
+    warden.response.set_cookie "remember_#{scope}_token", {
       :value => record.class.serialize_into_cookie(record),
-      :expires => record.remember_expires_at
+      :expires => record.remember_expires_at,
+      :path => "/"
     }
   end
 end
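Review bot: The options hash passed to `set_cookie` in the `after_authentication` hook of lib/devise/hooks/rememberable.rb sets only `:value`, `:expires` and `:path`, although per the comment above the hook this cookie signs the user in without asking for credentials. Adding `:httponly => true` keeps page scripts from reading the token, and a `:secure` flag should be set whenever the application is served over HTTPS so the token is not sent on plain HTTP requests. With `:path => "/"` the token accompanies every request to the host, which makes those two attributes matter more.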
@@ -19,9 +21,9 @@ end
 # Before logout hook to forget the user in the given scope, only if rememberable
 # is activated for this scope. Also clear remember token to ensure the user
 # won't be remembered again.
-Warden::Manager.before_logout do |record, auth, scope|
+Warden::Manager.before_logout do |record, warden, scope|
   if record.respond_to?(:forget_me!)
     record.forget_me!
-    auth.cookies.delete('remember_token')
+    warden.response.delete_cookie "remember_#{scope}_token"
   end
 end
diff --git a/lib/devise/rails/warden_compat.rb b/lib/devise/rails/warden_compat.rb
index 9e578390..647c7c7a 100644
--- a/lib/devise/rails/warden_compat.rb
+++ b/lib/devise/rails/warden_compat.rb
@@ -1,6 +1,5 @@
 # Taken from RailsWarden, thanks to Hassox. http://github.com/hassox/rails_warden
 module Warden::Mixins::Common
-  # Gets the rails request object by default if it's available
   def request
     return @request if @request
     if env['action_controller.rescue.request']
@@ -19,8 +18,12 @@ module Warden::Mixins::Common
     raw_session.clear
   end
-  # Proxy to request cookies
-  def cookies
-    request.cookies
+  def response
+    return @response if @response
+    if env['action_controller.rescue.response']
+      @response = env['action_controller.rescue.response']
+    else
+      Rack::Response.new(env)
+    end
   end
 end
diff --git a/lib/devise/strategies/rememberable.rb b/lib/devise/strategies/rememberable.rb
index 5db69dc9..5166ec34 100644
--- a/lib/devise/strategies/rememberable.rb
+++ b/lib/devise/strategies/rememberable.rb
@@ -26,7 +26,7 @@ module Devise
 # Accessor for remember cookie
 def remember_me_cookie
- cookies['remember_token']
+ request.cookies["remember_#{mapping.name}_token"]
 end
 end
 end
diff --git a/test/integration/rememberable_test.rb b/test/integration/rememberable_test.rb
index 9145491a..6fef35f7 100644
--- a/test/integration/rememberable_test.rb
+++ b/test/integration/rememberable_test.rb
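Review bot: In the `before_logout` hook of lib/devise/hooks/rememberable.rb, `delete_cookie` is called without a path although the `after_authentication` hook sets the cookie with `:path => "/"`. A browser treats cookies with different paths as different cookies, so when sign-out is served from a nested URL the expiring header may not match and the remember cookie stays in the browser. `forget_me!` presumably invalidates the token on the server side, but the stale credential should still be cleared on the client. Pass the same path: `warden.response.delete_cookie "remember_#{scope}_token", :path => "/"`.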
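Review bot: The fallback branch of the new `response` method in lib/devise/rails/warden_compat.rb returns `Rack::Response.new(env)`, which is wrong in two ways: the first argument of `Rack::Response.new` is the body, so the env hash is handed over as response body, and the object is not memoized, so every call yields a fresh response. As far as this hunk shows, nothing returns that object to the client, so cookies the hooks set or delete on it are lost and remember-me and its removal on logout fail silently whenever `env['action_controller.rescue.response']` is absent. Consider `@response ||= env['action_controller.rescue.response'] || Rack::Response.new`, and decide whether the fallback should raise instead, since a detached response cannot deliver the cookie anyway.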
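Review bot: `remember_me_cookie` in lib/devise/strategies/rememberable.rb builds the cookie name from `mapping.name`, while the two hooks in lib/devise/hooks/rememberable.rb build it from `scope`; the three copies must stay identical or the strategy will look for a cookie the hooks never set or clear. A single helper that returns the name for a scope, used in all three places, would remove that risk. Cookies issued under the old `remember_token` name are no longer read or deleted after this change, so the changelog should say that existing remember-me sessions are dropped. The enclosing class starts outside the hunk.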
@@ -6,7 +6,7 @@ class RememberMeTest < ActionController::IntegrationTest
 Devise.remember_for = 1
 user = create_user
 user.remember_me!
- cookies['remember_token'] = User.serialize_into_cookie(user) + add_to_token
+ cookies['remember_user_token'] = User.serialize_into_cookie(user) + add_to_token
 user
 end