Fix parameter validation in our custom devise strategies (#33754)

2025-01-28 09:21:59 +01:00
parent 8a2d764d34
commit 6646a0a9fa
2 changed files with 2 additions and 2 deletions
--- a/lib/devise/strategies/two_factor_ldap_authenticatable.rb
+++ b/lib/devise/strategies/two_factor_ldap_authenticatable.rb
@@ -23,7 +23,7 @@ module Devise
      protected

      def valid_params?
-        params[scope] && params[scope][:password].present?
+        params[scope].is_a?(Hash) && params[scope][:password].present?
      end
    end
  end
--- a/lib/devise/strategies/two_factor_pam_authenticatable.rb
+++ b/lib/devise/strategies/two_factor_pam_authenticatable.rb
@@ -22,7 +22,7 @@ module Devise
      protected

      def valid_params?
-        params[scope].respond_to?(:[]) && params[scope][:password].present?
+        params[scope].is_a?(Hash) && params[scope][:password].present?
      end
    end
  end