lib/janus/controllers/sessions_controller.rb in janus-0.6.0 vs lib/janus/controllers/sessions_controller.rb in janus-0.7.0
- old
+ new
@@ -15,33 +15,33 @@
helper JanusHelper
# skip_before_filter :authenticate_user!
def new
params[:return_to] ||= request.env["HTTP_REFERER"]
-
+
if signed_in?(janus_scope)
redirect_after_sign_in(send("current_#{janus_scope}"))
else
self.resource = resource_class.new
respond_with(resource)
end
end
def create
self.resource = resource_class.find_for_database_authentication(params[resource_name])
-
+
if resource && resource.valid_password?(params[resource_name][:password])
janus.login(resource, :scope => janus_scope, :rememberable => params[:remember_me])
-
+
respond_to do |format|
format.html { redirect_after_sign_in(resource) }
format.any { head :ok }
end
else
respond_to do |format|
format.html do
- self.resource ||= resource_class.new(params[resource_name])
+ self.resource ||= resource_class.new(resource_params)
resource.clean_up_passwords
resource.errors.add(:base, :not_found)
render "new", :status => :unauthorized
end
format.any { head :unauthorized }
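Review bot: The failed-login branch now rebuilds the form object from `resource_params`, which reads `params[janus_scope]`, while the lookup and password check a few lines above still read `params[resource_name]`. Whether those two keys are always identical is not visible here; if they can differ, the re-rendered form loses the submitted login, or the helper raises before the 401 is rendered. Reading one key in both places would keep them in step, and the changed line would benefit from a comment such as `# rebuild the form from whitelisted authentication keys only, never from raw params`. The body of `create` continues past the end of this hunk.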
@@ -49,11 +49,11 @@
end
end
def destroy
janus.logout(janus_scope)
-
+
respond_to do |format|
format.html { redirect_to after_sign_out_url(janus_scope) }
format.any { head :ok }
end
end
@@ -117,15 +117,23 @@
elsif valid_remote_host?(return_to.host)
if user.class.include?(Janus::Models::RemoteAuthenticatable)
query = return_to.query_values || {}
return_to.query_values = query.merge(user.class.remote_authentication_key => user.generate_remote_token!)
end
-
+
redirect_to return_to.to_s
return
end
end
end
-
+
redirect_to after_sign_in_url(user)
+ end
+
+ def resource_params
+ if params.respond_to?(:permit)
+ params.require(janus_scope).permit(*resource_class.authentication_keys)
+ else
+ params[janus_scope].slice(*resource_class.authentication_keys)
+ end
end
end
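Review bot: `resource_params` raises when the scope key is missing from the request: `params.require(janus_scope)` throws ActionController::ParameterMissing, and the fallback `params[janus_scope].slice(...)` calls `slice` on nil. Its visible caller is the failed sign-in branch of `create`, so a POST without the credentials hash would likely produce an error response instead of the intended 401 (assuming the lookup tolerates a nil argument). A tolerant form would be `params.fetch(janus_scope, {}).permit(*resource_class.authentication_keys)` and `(params[janus_scope] || {}).slice(*resource_class.authentication_keys)`. No `private` marker is visible in this hunk, so please confirm the method sits in a non-public section, since public controller methods are routable as actions. The hunk opens inside `redirect_after_sign_in`, whose start is outside the visible lines.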