From ab9d8565683e163963daf6b3c68678309300aa2e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Thu, 22 Sep 2011 11:50:57 +0200 Subject: [PATCH] Add a deprecation warning for previous controller authorization style. --- CHANGELOG.rdoc | 5 +++++ app/controllers/devise/sessions_controller.rb | 2 +- lib/devise/rails/routes.rb | 1 - lib/devise/strategies/authenticatable.rb | 12 +++++++++++- 4 files changed, 17 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc index ce4ed309..7a0901da 100644 --- a/CHANGELOG.rdoc +++ b/CHANGELOG.rdoc @@ -1,3 +1,8 @@ +== 1.4.7 + +* bug fix + * Fix backward incompatible change from 1.4.6 for those using custom controllers + == 1.4.6 * enhancements diff --git a/app/controllers/devise/sessions_controller.rb b/app/controllers/devise/sessions_controller.rb index 0c804e07..3aee5949 100644 --- a/app/controllers/devise/sessions_controller.rb +++ b/app/controllers/devise/sessions_controller.rb @@ -1,6 +1,6 @@ class Devise::SessionsController < ApplicationController prepend_before_filter :require_no_authentication, :only => [ :new, :create ] - before_filter :allow_params_authentication!, :only => :create + prepend_before_filter :allow_params_authentication!, :only => :create include Devise::Controllers::InternalHelpers # GET /resource/sign_in diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb index 8b84258a..95021f4a 100644 --- a/lib/devise/rails/routes.rb +++ b/lib/devise/rails/routes.rb @@ -182,7 +182,6 @@ module ActionDispatch::Routing options[:path_names] = (@scope[:path_names] || {}).merge(options[:path_names] || {}) options[:constraints] = (@scope[:constraints] || {}).merge(options[:constraints] || {}) options[:defaults] = (@scope[:defaults] || {}).merge(options[:defaults] || {}) - @scope[:options] = (@scope[:options] || {}).merge({:format => false}) if options[:format] == false resources.map!(&:to_sym) diff --git a/lib/devise/strategies/authenticatable.rb b/lib/devise/strategies/authenticatable.rb index a84aa31e..b81d145c 100644 --- a/lib/devise/strategies/authenticatable.rb +++ b/lib/devise/strategies/authenticatable.rb @@ -85,7 +85,17 @@ module Devise # By default, a request is valid if the controller is allowed and the VERB is POST. def valid_request? - env["devise.allow_params_authentication"] + if env["devise.allow_params_authentication"] + true + elsif request.post? && mapping.controllers[:sessions] == params[:controller] + ActiveSupport::Deprecation.warn "It seems that you are using a custom SessionsController. " \ + "In order for it to work from Devise 1.4.6 forward, you need to add the following:" \ + "\n\n prepend_before_filter :allow_params_authentication!, :only => :create\n\n" \ + "This will ensure your controller can authenticate from params for the create action.", caller + true + else + false + end end # If the request is valid, finally check if params_auth_hash returns a hash.