Modify warden to not store in session

Previously, GDTA was storing the authenticated user in the session. This is likely not what was desired as evidenced by issue #7. Therefore, this commit changes warden to only sign in a user for that request. Since the user is not stored in session, the user has to be pulled from warden (rather than the warden through the session).
mcordell · Oct 9, 2015 · c7c3e4e · c7c3e4e
1 parent 365f9ab
commit c7c3e4e
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 3 deletions.
diff --git a/lib/grape_devise_token_auth/auth_headers.rb b/lib/grape_devise_token_auth/auth_headers.rb
@@ -3,7 +3,7 @@ class AuthHeaders
     extend Forwardable
 
     def initialize(warden, mapping, request_start, data)
-      @resource = warden.session_serializer.fetch(mapping)
+      @resource = warden.user(:user)
       @request_start = request_start
       @data = data
     end

diff --git a/lib/grape_devise_token_auth/auth_helpers.rb b/lib/grape_devise_token_auth/auth_helpers.rb
@@ -3,7 +3,7 @@ module AuthHelpers
     def self.included(_base)
       Devise.mappings.keys.each do |mapping|
         define_method("current_#{mapping}") do
-          warden.session_serializer.fetch(mapping)
+          warden.user(mapping)
         end
 
         define_method("authenticate_#{mapping}") do

diff --git a/lib/grape_devise_token_auth/devise_interface.rb b/lib/grape_devise_token_auth/devise_interface.rb
@@ -8,7 +8,7 @@ def initialize(data)
     # extracted and simplified from Devise
     def set_user_in_warden(scope, resource)
       scope = Devise::Mapping.find_scope!(scope)
-      warden.session_serializer.store(resource, scope)
+      warden.set_user(resource, scope: scope, store: false)
     end
 
     def mapping_to_class(m)