Merge pull request #2504 from plataformatec/remember-me

Add remember_me to the permitted sign_in params

Gemfile.lock

@@ -16,7 +16,7 @@ PATH
       bcrypt-ruby (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 3.2.6, < 5)
-      warden (~> 1.2.1)
+      warden (~> 1.2.2)
 
 GEM
   remote: https://rubygems.org/
@@ -47,7 +47,7 @@ GEM
       tzinfo (~> 0.3.37)
     arel (4.0.0)
     atomic (1.1.10)
-    bcrypt-ruby (3.0.1)
+    bcrypt-ruby (3.1.1)
     builder (3.1.4)
     erubis (2.7.0)
     faraday (0.8.7)
@@ -132,7 +132,7 @@ GEM
       polyglot
       polyglot (>= 0.3.1)
     tzinfo (0.3.37)
-    warden (1.2.1)
+    warden (1.2.2)
       rack (>= 1.0)
     webrat (0.7.3)
       nokogiri (>= 1.2.0)

lib/devise/parameter_sanitizer.rb

@@ -45,7 +45,7 @@ module Devise
     # here allows us to construct a new user without sensitive information if
     # authentication fails.
     def sign_in
-      default_params.permit(*auth_keys + [:password])
+      default_params.permit(*auth_keys + [:password, :remember_me])
     end
 
     def sign_up

test/parameter_sanitizer_test.rb

@@ -21,8 +21,8 @@ if defined?(ActionController::StrongParameters)
     end
 
     test 'filters some parameters on sign in by default' do
-      sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid" })
-      assert_equal({ "email" => "jose", "password" => "invalid" }, sanitizer.for(:sign_in))
+      sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid", "remember_me" => "1" })
+      assert_equal({ "email" => "jose", "password" => "invalid", "remember_me" => "1" }, sanitizer.for(:sign_in))
     end
 
     test 'handles auth keys as a hash' do