This caused issues with OAuth header authentication.
Please note I have added a test but I'm not sure it works right as it doesn't fails without the change :-)
But it does fix failures in the oauth-plugin provider specs using devise.
Signed-off-by: José Valim <jose.valim@gmail.com>
The forgetable hook will delete cookies based on the :scope in an
options hash but it was overwriting the options and setting them to
either an empty hash or a hash with a single :domain key. Because the
:scope was lost, the hook was trying to delete the 'remember__token'
instead of the more typical 'remember_user_token' cookie.
You are now allowed to do:
devise_for :users do
# Non conventional sign_in route
get "/sign_in" => "devise/sessions#new"
end
And it should work as expected.
If you have non conventional routes and want to specify the scope for a controller, you can do that at the router level:
as :user do
get "/sign_in", :to => "devise/session#new"
end
This is saying: when accessing "/sign_in", devise should use the user scope. Meaning that users signed through that form will be signed to the user scope.
Devise 1.1.0 will be released soon. This new version will support activerecord and mongoid as default ORMs. From now on, Devise will prefer ORM extensions as gems since this is the best way to handle dependencies.
For example, to allow Devise to work with Datamapper, it requires at least activemodel, dm-rails and dm-timestamps. If the ORM support comes from Devise gem, we cannot add dm-rails and dm-timestamps as dependencies, relying on the developer and documentation to find these out and install them.
Other ORMs may still be added to Devise, as long as they are supported by the community, extend Devise test suite to have all tests passing and they necessarily use ActiveModel::Validations.
