mirror of
https://github.com/heartcombo/devise.git
synced 2022-11-09 12:18:31 -05:00
Add a deprecation warning for previous controller authorization style.
This commit is contained in:
parent
dd1d128333
commit
ab9d856568
4 changed files with 17 additions and 3 deletions
|
@ -1,3 +1,8 @@
|
||||||
|
== 1.4.7
|
||||||
|
|
||||||
|
* bug fix
|
||||||
|
* Fix backward incompatible change from 1.4.6 for those using custom controllers
|
||||||
|
|
||||||
== 1.4.6
|
== 1.4.6
|
||||||
|
|
||||||
* enhancements
|
* enhancements
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
class Devise::SessionsController < ApplicationController
|
class Devise::SessionsController < ApplicationController
|
||||||
prepend_before_filter :require_no_authentication, :only => [ :new, :create ]
|
prepend_before_filter :require_no_authentication, :only => [ :new, :create ]
|
||||||
before_filter :allow_params_authentication!, :only => :create
|
prepend_before_filter :allow_params_authentication!, :only => :create
|
||||||
include Devise::Controllers::InternalHelpers
|
include Devise::Controllers::InternalHelpers
|
||||||
|
|
||||||
# GET /resource/sign_in
|
# GET /resource/sign_in
|
||||||
|
|
|
@ -182,7 +182,6 @@ module ActionDispatch::Routing
|
||||||
options[:path_names] = (@scope[:path_names] || {}).merge(options[:path_names] || {})
|
options[:path_names] = (@scope[:path_names] || {}).merge(options[:path_names] || {})
|
||||||
options[:constraints] = (@scope[:constraints] || {}).merge(options[:constraints] || {})
|
options[:constraints] = (@scope[:constraints] || {}).merge(options[:constraints] || {})
|
||||||
options[:defaults] = (@scope[:defaults] || {}).merge(options[:defaults] || {})
|
options[:defaults] = (@scope[:defaults] || {}).merge(options[:defaults] || {})
|
||||||
|
|
||||||
@scope[:options] = (@scope[:options] || {}).merge({:format => false}) if options[:format] == false
|
@scope[:options] = (@scope[:options] || {}).merge({:format => false}) if options[:format] == false
|
||||||
|
|
||||||
resources.map!(&:to_sym)
|
resources.map!(&:to_sym)
|
||||||
|
|
|
@ -85,7 +85,17 @@ module Devise
|
||||||
|
|
||||||
# By default, a request is valid if the controller is allowed and the VERB is POST.
|
# By default, a request is valid if the controller is allowed and the VERB is POST.
|
||||||
def valid_request?
|
def valid_request?
|
||||||
env["devise.allow_params_authentication"]
|
if env["devise.allow_params_authentication"]
|
||||||
|
true
|
||||||
|
elsif request.post? && mapping.controllers[:sessions] == params[:controller]
|
||||||
|
ActiveSupport::Deprecation.warn "It seems that you are using a custom SessionsController. " \
|
||||||
|
"In order for it to work from Devise 1.4.6 forward, you need to add the following:" \
|
||||||
|
"\n\n prepend_before_filter :allow_params_authentication!, :only => :create\n\n" \
|
||||||
|
"This will ensure your controller can authenticate from params for the create action.", caller
|
||||||
|
true
|
||||||
|
else
|
||||||
|
false
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
# If the request is valid, finally check if params_auth_hash returns a hash.
|
# If the request is valid, finally check if params_auth_hash returns a hash.
|
||||||
|
|
Loading…
Reference in a new issue