after_confirmation_path_for checks whether the user already signed in
by calling signed_in? after confirmation succeeded.
Since it was called without scope specification, the user treated as
signed in inappropriately when the user signed in as another resource
(such as 'admin').
Changes the behavior of `Devise.warden` such that calling it multiple
times with different blocks will result in a call to each block on
`Devise.configure_warden!` rather than "last block wins". This is
especially used for plugins that wish to extend warden functionality
without clobbering base app configuration or vice versa.
Only execute the `SessionsController#destroy` if there is a signed in
user, otherwise it will raise
`ActionController::InvalidAuthenticityToken`.
Fixes#2934.
Pushing the `Time` object inside the session has inconsistencies
across different serializers and we should use a more primitive type
so we don't need any specific parsing logic for the JSON serializer.
Right now if you try to use a route that you have defined in your `omniauth_callbacks` but you have not declared that resource to be `omniauthable` you will get a weird route missing error which causes the user to look in the routes for the fix:
```ruby
devise_for :users, controllers: {omniauth_callbacks: "users/omniauth_callbacks"}
```
This PR checks to see if the mapping of `:user` has the module `omniauthable` included in it when `omniauth_callbacks` is specified in the route. If it does not, an instructional error is raised:
```
Mapping omniauth_callbacks on a resource that is not omniauthable
Please add `devise :omniauthable` to the `User` model
```
This is used as a complement to `stored_location_for`.
Example:
Before authorizing with Omniauth;
store_location_for(:user, dashboard_path)
redirect_to user_omniauth_authorize_path(:facebook)
In our Omniauth callback
sign_in(user)
redirect_to stored_location_for(:user) || root_path
This method is part of the protected API and is used by custom
encryption engines (like `devise-encryptable`) to hook the custom
encryption logic in the models.
Fixes#2730
