This is just plain weird.
I've got Rails 3 RC running with Devise installed. I've defined a custom strategy to try and use Kerberos for authentication.
In case someone else comes across this, here's what I believe the problem is:
According to Warden Strategies:
valid?
The valid? method acts as a guard for the strategy. It’s optional to declare a valid? method, and if you don’t declare it, the strategy will always be run. If you do declare it though, the strategy will only be tried if #valid? evaluates to true.
The strategy above is reasoning that if there’s either a ‘username’ or a ‘password’ param, then the user is trying to login. If there’s only one of them, then the ‘User.authenticate’ call will fail, but it was still the desired (valid) strategy.
So your valid method:
def valid?
  params[:username] || params[:password]
end
It's returning false, so the authenticate! is never called. params is a nested hash, so it should be params[:user][:username] instead of params[:username].
Changing your valid method to:
def valid?
  params[:user] && (params[:user][:username] || params[:user][:password])
end
will return true and cause the authenticate! method to be called.
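The guard behaviour described in the answer above, as an added sketch that is not part of the original post and is not Warden's or Devise's code: `SketchStrategy`, `FlatGuard`, `NestedGuard` and `outcome` are hypothetical names, params is assumed to be a plain Hash with symbol keys, and the Kerberos check is replaced by a stand-in. It goes one step beyond the answer by also rejecting a `user` value that is not a hash, so a malformed request skips the strategy instead of raising inside `valid?`.

```ruby
# Stand-in for the part of Warden that runs a strategy: authenticate! is only
# called when valid? is truthy. This models the guard; it is not Warden itself.
class SketchStrategy
  attr_reader :params, :result

  def initialize(params)
    @params = params
    @result = :skipped # authenticate! has not run
  end

  def run!
    authenticate! if valid?
    result
  end

  # Stands in for the Kerberos check (assumption); the guard is the point here.
  def authenticate!
    @result = :authenticated
  end
end

# Guard from the question: looks for the keys at the top level of params.
class FlatGuard < SketchStrategy
  def valid?
    params[:username] || params[:password]
  end
end

# Guard from the answer, plus a type check so a non-hash "user" value
# (for example ?user=x) makes the strategy skip instead of raising.
class NestedGuard < SketchStrategy
  def valid?
    user = params[:user]
    return false unless user.is_a?(Hash)
    !!(user[:username] || user[:password])
  end
end

# Constructed sample: the shape a Devise form posts (fields nested under :user).
DEVISE_PARAMS = { user: { username: "alice", password: "s3cret" } }.freeze

def outcome(strategy_class, params)
  strategy_class.new(params).run!
end

if __FILE__ == $PROGRAM_NAME
  puts outcome(FlatGuard, DEVISE_PARAMS)   # skipped
  puts outcome(NestedGuard, DEVISE_PARAMS) # authenticated
  puts outcome(NestedGuard, { user: "x" }) # skipped
end
```

In newer Rails versions `params[:user]` is an `ActionController::Parameters` object rather than a `Hash`, so the type check would need to accept that class as well.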