add remember_me to the permitted sign_in params

2026-01-09 23:08:05 -05:00 · 2013-07-12 22:14:32 +03:00
parent 36fb1ecf4d
commit 2c1ca126f4
2 changed files with 3 additions and 3 deletions
--- a/lib/devise/parameter_sanitizer.rb
+++ b/lib/devise/parameter_sanitizer.rb
@@ -45,7 +45,7 @@ module Devise
    # here allows us to construct a new user without sensitive information if
    # authentication fails.
    def sign_in
-      default_params.permit(*auth_keys + [:password])
+      default_params.permit(*auth_keys + [:password, :remember_me])
    end

    def sign_up
--- a/test/parameter_sanitizer_test.rb
+++ b/test/parameter_sanitizer_test.rb
@@ -21,8 +21,8 @@ if defined?(ActionController::StrongParameters)
    end

    test 'filters some parameters on sign in by default' do
-      sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid" })
-      assert_equal({ "email" => "jose", "password" => "invalid" }, sanitizer.for(:sign_in))
+      sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid", "remember_me" => "1" })
+      assert_equal({ "email" => "jose", "password" => "invalid", "remember_me" => "1" }, sanitizer.for(:sign_in))
    end

    test 'handles auth keys as a hash' do