Update CHANGELOG and tidy up tests.

CHANGELOG.rdoc

@@ -4,6 +4,7 @@
   * Rememberable module allows user to be remembered across browsers and is enabled by default (by github.com/trevorturk)
   * devise_for can now be used together with scope method in routes but with a few limitations (check the documentation)
   * Support :as or :devise_scope in the router to specify controller access scope
+  * HTTP Basic Auth can now be disabled/enabled for xhr(ajax) requests using http_authenticatable_on_xhr option. (by github.com/pellja)
 
 * bug fix
   * Fix a bug in Devise::TestHelpers where current_user was returning a Response object for non active accounts

test/failure_app_test.rb

@@ -80,6 +80,8 @@ class FailureTest < ActiveSupport::TestCase
     test 'dont return WWW-authenticate on ajax call if http_authenticatable_on_xhr false' do
       swap Devise, :http_authenticatable_on_xhr => false do
         call_failure('formats' => :html, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')
+        assert_equal 302, @response.first
+        assert_equal 'http://test.host/users/sign_in', @response.second["Location"]
         assert_nil @response.second['WWW-Authenticate']
       end
     end
@@ -87,6 +89,7 @@ class FailureTest < ActiveSupport::TestCase
     test 'return WWW-authenticate on ajax call if http_authenticatable_on_xhr true' do
       swap Devise, :http_authenticatable_on_xhr => true do
         call_failure('formats' => :html, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')
+        assert_equal 401, @response.first
         assert_equal 'Basic realm="Application"', @response.second["WWW-Authenticate"]
       end
     end
@@ -102,11 +105,6 @@ class FailureTest < ActiveSupport::TestCase
         assert_equal 401, @response.first
       end
     end
-
-    test 'works for xml http requests' do
-      call_failure('formats' => :html, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')
-      assert_equal 401, @response.first
-    end
   end
 
   context 'With recall' do