Devise does not intercept 401 returned from applications anymore

2010-11-09 23:42:14 +01:00 · 2010-11-09 23:42:14 +01:00 · c7efb68a77
parent 2366530d55
commit c7efb68a77
8 changed files with 17 additions and 4 deletions
--- a/CHANGELOG.rdoc
+++ b/CHANGELOG.rdoc
@ -22,6 +22,7 @@
 * default behavior changes
  * sign_out_all_scopes defaults to true as security measure
  * http authenticatable is disabled by default
+  * Devise does not intercept 401 returned from applications

 * bugfix
  * after_sign_in_path_for always receives a resource
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -126,12 +126,12 @@ GEM
    ruby-openid (2.1.8)
    ruby-openid-apps-discovery (1.2.0)
      ruby-openid (>= 2.1.7)
-    sqlite3-ruby (1.3.1)
+    sqlite3-ruby (1.3.2)
    thor (0.14.4)
    treetop (1.4.8)
      polyglot (>= 0.3.1)
    tzinfo (0.3.23)
-    warden (1.0.1)
+    warden (1.0.2)
      rack (>= 1.0.0)
    weakling (0.0.4-java)
    webrat (0.7.1)
--- a/2
+++ b/2
@ -46,7 +46,7 @@ begin
    s.authors = ['José Valim', 'Carlos Antônio']
    s.files =  root_files + FileList["{app,config,lib}/**/*"]
    s.extra_rdoc_files = root_files
-    s.add_dependency("warden", "~> 1.0.0")
+    s.add_dependency("warden", "~> 1.0.2")
    s.add_dependency("orm_adapter", "~> 0.0.2")
    s.add_dependency("bcrypt-ruby", "~> 2.1.2")
  end
--- a/lib/devise.rb
+++ b/lib/devise.rb
@ -335,6 +335,7 @@ module Devise
    @@warden_configured ||= begin
      warden_config.failure_app   = Devise::FailureApp
      warden_config.default_scope = Devise.default_scope
+      warden_config.intercept_401 = false

      Devise.mappings.each_value do |mapping|
        warden_config.scope_defaults mapping.name, :strategies => mapping.strategies
--- a/lib/generators/templates/devise.rb
+++ b/lib/generators/templates/devise.rb
@ -161,7 +161,8 @@ Devise.setup do |config|
  # change the failure app, you can configure them inside the config.warden block.
  #
  # config.warden do |manager|
-  #   manager.failure_app = AnotherApp
+  #   manager.failure_app   = AnotherApp
+  #   manager.intercept_401 = false
  #   manager.default_strategies(:scope => :user).unshift :some_external_strategy
  # end
 end
--- a/test/integration/authenticatable_test.rb
+++ b/test/integration/authenticatable_test.rb
@ -301,6 +301,11 @@ class AuthenticationOthersTest < ActionController::IntegrationTest
    assert_equal 404, response.status
  end

+  test 'does not intercept Rails 401 responses' do
+    get '/unauthenticated'
+    assert_equal 401, response.status
+  end
+
  test 'render 404 on roles without mapping' do
    assert_raise AbstractController::ActionNotFound do
      get '/sign_in'
--- a/test/rails_app/app/controllers/home_controller.rb
+++ b/test/rails_app/app/controllers/home_controller.rb
@ -9,4 +9,8 @@ class HomeController < ApplicationController
    session["devise.foo_bar"] = "something"
    head :ok
  end
+
+  def unauthenticated
+    render :text => "unauthenticated", :status => :unauthorized
+  end
 end
--- a/test/rails_app/config/routes.rb
+++ b/test/rails_app/config/routes.rb
@ -50,5 +50,6 @@ Rails.application.routes.draw do
  end

  match "/set", :to => "home#set"
+  match "/unauthenticated", :to => "home#unauthenticated"
  root :to => "home#index"
 end