update security handling for user namespace

2012-11-22 15:47:28 +01:00
parent b9efc6e860
commit ef31958bd6
24 changed files with 634 additions and 64 deletions
@@ -3,7 +3,7 @@ class ApplicationController < ActionController::Base
  layout :layout_by_resource
  
  
-  #protect_from_forgery
+  protect_from_forgery

  private

@@ -13,7 +13,7 @@ class ApplicationController < ActionController::Base

  def layout_by_resource
    if devise_controller?
-      'theme1'
+      session[:user_return_to] =~ /obtain_token/ ? 'obtain_token' : 'theme1'
    else
      "application"
    end