Add a deprecation warning for previous controller authorization style.

2022-11-09 12:18:31 -05:00 · 2011-09-22 11:50:57 +02:00 · 2011-09-22 11:50:57 +02:00 · ab9d856568
commit ab9d856568
parent dd1d128333
4 changed files with 17 additions and 3 deletions
--- a/CHANGELOG.rdoc
+++ b/CHANGELOG.rdoc
@ -1,3 +1,8 @@
+== 1.4.7
+
+* bug fix
+  * Fix backward incompatible change from 1.4.6 for those using custom controllers
+
 == 1.4.6

 * enhancements
--- a/app/controllers/devise/sessions_controller.rb
+++ b/app/controllers/devise/sessions_controller.rb
@ -1,6 +1,6 @@
 class Devise::SessionsController < ApplicationController
  prepend_before_filter :require_no_authentication, :only => [ :new, :create ]
-  before_filter :allow_params_authentication!, :only => :create
+  prepend_before_filter :allow_params_authentication!, :only => :create
  include Devise::Controllers::InternalHelpers

  # GET /resource/sign_in
--- a/lib/devise/rails/routes.rb
+++ b/lib/devise/rails/routes.rb
@ -182,7 +182,6 @@ module ActionDispatch::Routing
      options[:path_names]    = (@scope[:path_names] || {}).merge(options[:path_names] || {})
      options[:constraints]   = (@scope[:constraints] || {}).merge(options[:constraints] || {})
      options[:defaults]      = (@scope[:defaults] || {}).merge(options[:defaults] || {})
-
      @scope[:options]        = (@scope[:options] || {}).merge({:format => false}) if options[:format] == false

      resources.map!(&:to_sym)
--- a/lib/devise/strategies/authenticatable.rb
+++ b/lib/devise/strategies/authenticatable.rb
@ -85,7 +85,17 @@ module Devise

      # By default, a request is valid  if the controller is allowed and the VERB is POST.
      def valid_request?
-        env["devise.allow_params_authentication"]
+        if env["devise.allow_params_authentication"]
+          true
+        elsif request.post? && mapping.controllers[:sessions] == params[:controller]
+          ActiveSupport::Deprecation.warn "It seems that you are using a custom SessionsController. " \
+            "In order for it to work from Devise 1.4.6 forward, you need to add the following:" \
+            "\n\n  prepend_before_filter :allow_params_authentication!, :only => :create\n\n" \
+            "This will ensure your controller can authenticate from params for the create action.", caller
+          true
+        else
+          false
+        end
      end

      # If the request is valid, finally check if params_auth_hash returns a hash.