1
0
Fork 0
mirror of https://github.com/heartcombo/devise.git synced 2022-11-09 12:18:31 -05:00

Add a deprecation warning for previous controller authorization style.

This commit is contained in:
José Valim 2011-09-22 11:50:57 +02:00
parent dd1d128333
commit ab9d856568
4 changed files with 17 additions and 3 deletions

View file

@ -1,3 +1,8 @@
== 1.4.7
* bug fix
* Fix backward incompatible change from 1.4.6 for those using custom controllers
== 1.4.6 == 1.4.6
* enhancements * enhancements

View file

@ -1,6 +1,6 @@
class Devise::SessionsController < ApplicationController class Devise::SessionsController < ApplicationController
prepend_before_filter :require_no_authentication, :only => [ :new, :create ] prepend_before_filter :require_no_authentication, :only => [ :new, :create ]
before_filter :allow_params_authentication!, :only => :create prepend_before_filter :allow_params_authentication!, :only => :create
include Devise::Controllers::InternalHelpers include Devise::Controllers::InternalHelpers
# GET /resource/sign_in # GET /resource/sign_in

View file

@ -182,7 +182,6 @@ module ActionDispatch::Routing
options[:path_names] = (@scope[:path_names] || {}).merge(options[:path_names] || {}) options[:path_names] = (@scope[:path_names] || {}).merge(options[:path_names] || {})
options[:constraints] = (@scope[:constraints] || {}).merge(options[:constraints] || {}) options[:constraints] = (@scope[:constraints] || {}).merge(options[:constraints] || {})
options[:defaults] = (@scope[:defaults] || {}).merge(options[:defaults] || {}) options[:defaults] = (@scope[:defaults] || {}).merge(options[:defaults] || {})
@scope[:options] = (@scope[:options] || {}).merge({:format => false}) if options[:format] == false @scope[:options] = (@scope[:options] || {}).merge({:format => false}) if options[:format] == false
resources.map!(&:to_sym) resources.map!(&:to_sym)

View file

@ -85,7 +85,17 @@ module Devise
# By default, a request is valid if the controller is allowed and the VERB is POST. # By default, a request is valid if the controller is allowed and the VERB is POST.
def valid_request? def valid_request?
env["devise.allow_params_authentication"] if env["devise.allow_params_authentication"]
true
elsif request.post? && mapping.controllers[:sessions] == params[:controller]
ActiveSupport::Deprecation.warn "It seems that you are using a custom SessionsController. " \
"In order for it to work from Devise 1.4.6 forward, you need to add the following:" \
"\n\n prepend_before_filter :allow_params_authentication!, :only => :create\n\n" \
"This will ensure your controller can authenticate from params for the create action.", caller
true
else
false
end
end end
# If the request is valid, finally check if params_auth_hash returns a hash. # If the request is valid, finally check if params_auth_hash returns a hash.