Fixed issue #1206: TokenAuthenticatable#params_auth_hash behaving in an unexpected way for the authentication token lookup

2011-07-23 17:45:45 +02:00 · 2011-07-23 17:45:45 +02:00 · a2700bc17f
parent 0a04d73883
commit a2700bc17f
2 changed files with 13 additions and 0 deletions
--- a/lib/devise/strategies/token_authenticatable.rb
+++ b/lib/devise/strategies/token_authenticatable.rb
@ -39,6 +39,8 @@ module Devise

      # Try both scoped and non scoped keys.
      def params_auth_hash
+        token_authentication_key = authentication_keys.first
+        return params if params[scope].kind_of?(Hash) && !params[scope].has_key?(token_authentication_key) && params.has_key?(token_authentication_key)
        params[scope] || params
      end

--- a/test/integration/token_authenticatable_test.rb
+++ b/test/integration/token_authenticatable_test.rb
@ -13,6 +13,17 @@ class TokenAuthenticationTest < ActionController::IntegrationTest
    end
  end

+  test 'authenticate with valid authentication token key and value through params, when params with the same key as scope exist' do
+    swap Devise, :token_authentication_key => :secret_token do
+      user = create_user_with_authentication_token
+      post exhibit_user_path(user), Devise.token_authentication_key => user.authentication_token, :user => { :some => "data" }
+
+      assert_response :success
+      assert_contain 'User is authenticated'
+      assert warden.authenticated?(:user)
+    end
+  end
+
  test 'authenticate with valid authentication token key but does not store if stateless' do
    swap Devise, :token_authentication_key => :secret_token, :stateless_token => true do
      sign_in_as_new_user_with_token