devise Users::SessionsController#create ignore params when auth toke exists

Users::SessionsController#create ignore params when auth toke exists

Open edimossilva opened this issue 3 years ago • 0 comments

Environment

Ruby 2.7.0p0
Rails 6.1.4.1
Devise 4.8.0

Current behavior

Any request for Users::SessionsController#create with User A token and User B params will login with User A data. e.g.: https://github.com/espoo-dev/espoo-dev/pull/542/files

Expected behavior

Any request for Users::SessionsController#create with User A token and User B params should login with User B params.

Jan 22 '22 17:01 edimossilva

devise devise copied to clipboard

Users::SessionsController#create ignore params when auth toke exists

Environment

Current behavior

Expected behavior

devise
devise copied to clipboard