Updated notes for external user authentication

Author: jamesprior

doc/release_notes.md

@@ -188,6 +188,14 @@ There is now a core API for handling users that are authenticated/authorized aga
 
 A sample implementation of an authentication strategy can be found in lib/cms/authentication/test_password_strategy. Strategies are implemented as Devise Strategies and should either login or pass to the next strategy.
 
+Don't forget to enable your new strategy in config/initializers/devise.rb
+```
+# Add test_password strategy BEFORE other CMS authentication strategies
+config.warden do |manager|
+ manager.default_strategies(:scope => :cms_user).unshift :my_custom_strategy
+end
+```
+
 This implementation is intended to replace CAS based strategies used in BrowserCMS 3.x. It provides the ability to style the login page directly, and avoid having an external CAS server software.
 
 ## Upgrading

lib/cms/authentication/test_password_strategy.rb

@@ -16,4 +16,13 @@ def authenticate!
  end
 end
 
-Warden::Strategies.add(:test_password, Cms::Authentication::TestPasswordStrategy)
+Warden::Strategies.add(:test_password, Cms::Authentication::TestPasswordStrategy)
+
+# NOTE: To enable a custom password strategy for BrowserCMS you must also add it to to the devise configuration.
+# 
+# For example enable the test_password strategy above by adding the following to config/initializers/devise.rb
+
+# # Add test_password strategy BEFORE other CMS authentication strategies
+# config.warden do |manager|
+# manager.default_strategies(:scope => :cms_user).unshift :test_password
+# end