1
0
Fork 0
mirror of https://github.com/heartcombo/devise.git synced 2022-11-09 12:18:31 -05:00

Fixed issue #1206: TokenAuthenticatable#params_auth_hash behaving in an unexpected way for the authentication token lookup

This commit is contained in:
Mathieu Ravaux 2011-07-23 17:45:45 +02:00
parent 0a04d73883
commit a2700bc17f
2 changed files with 13 additions and 0 deletions

View file

@ -39,6 +39,8 @@ module Devise
# Try both scoped and non scoped keys.
def params_auth_hash
token_authentication_key = authentication_keys.first
return params if params[scope].kind_of?(Hash) && !params[scope].has_key?(token_authentication_key) && params.has_key?(token_authentication_key)
params[scope] || params
end

View file

@ -13,6 +13,17 @@ class TokenAuthenticationTest < ActionController::IntegrationTest
end
end
test 'authenticate with valid authentication token key and value through params, when params with the same key as scope exist' do
swap Devise, :token_authentication_key => :secret_token do
user = create_user_with_authentication_token
post exhibit_user_path(user), Devise.token_authentication_key => user.authentication_token, :user => { :some => "data" }
assert_response :success
assert_contain 'User is authenticated'
assert warden.authenticated?(:user)
end
end
test 'authenticate with valid authentication token key but does not store if stateless' do
swap Devise, :token_authentication_key => :secret_token, :stateless_token => true do
sign_in_as_new_user_with_token