Ability to use attr_protected attributes as sign-in keys without triggering ActiveModel::MassAssignmentSecurity::Error when ActiveRecord::Base.mass_assignment_sanitizer is set to :strict. Fixes #1729.

test/controllers/sessions_controller_test.rb

@@ -13,4 +13,20 @@ class SessionsControllerTest < ActionController::TestCase
     assert_equal 200, @response.status
     assert_template "devise/sessions/new"
   end
+  
+  test "#new doesn't raise mass-assignment exception even if sign-in key is attr_protected" do
+    request.env["devise.mapping"] = Devise.mappings[:user] 
+ 
+    ActiveRecord::Base.mass_assignment_sanitizer = :strict
+    User.class_eval { attr_protected :email }
+    
+    begin
+      assert_nothing_raised ActiveModel::MassAssignmentSecurity::Error do
+        get :new, :user => { :email => "allez viens!" }
+      end
+    ensure
+      ActiveRecord::Base.mass_assignment_sanitizer = :logger
+      User.class_eval { attr_accessible :email }
+    end
+  end
 end