Support authentication with multiple fields

danielneis · danielneis · commit 28a06ce5d0c6 · 2017-11-06T18:22:47.000-02:00
diff --git a/app/controllers/devise_token_auth/concerns/resource_finder.rb b/app/controllers/devise_token_auth/concerns/resource_finder.rb
@@ -13,13 +13,25 @@ def get_case_insensitive_field_from_resource_params(field)
   end
 
   def find_resource(field, value)
-    # fix for mysql default case insensitivity
-    q = "#{field.to_s} = ? AND provider='#{provider.to_s}'"
-    if ActiveRecord::Base.connection.adapter_name.downcase.starts_with? 'mysql'
-      q = "BINARY " + q
+
+    fields = (resource_params.keys.map(&:to_sym) & resource_class.authentication_keys)
+
+    conditions = []
+    values = {}
+    fields.each do |f|
+      q = " #{f.to_s} = :#{f.to_s} "
+      # fix for mysql default case insensitivity
+      if ActiveRecord::Base.connection.adapter_name.downcase.starts_with? 'mysql'
+        q = "BINARY " + q
+      end
+      conditions.push(q)
+      values[f.to_sym] = get_case_insensitive_field_from_resource_params(f)
     end
 
-    @resource = resource_class.where(q, value).first
+    conditions.push(' provider = :provider')
+    values[:provider] = provider.to_s
+
+    @resource = resource_class.where([conditions.join(" AND "), values]).first
   end
 
   def resource_class(m=nil)
diff --git a/app/controllers/devise_token_auth/passwords_controller.rb b/app/controllers/devise_token_auth/passwords_controller.rb
@@ -28,7 +28,7 @@ def create
       end
 
       @email = get_case_insensitive_field_from_resource_params(:email)
-      @resource = find_resource(:uid, @email)
+      @resource = find_resource
 
       @errors = nil
       @error_status = 400
diff --git a/app/controllers/devise_token_auth/sessions_controller.rb b/app/controllers/devise_token_auth/sessions_controller.rb
@@ -10,14 +10,8 @@ def new
 
     def create
       # Check
-      field = (resource_params.keys.map(&:to_sym) & resource_class.authentication_keys).first
 
-      @resource = nil
-      if field
-        q_value = get_case_insensitive_field_from_resource_params(field)
-
-        @resource = find_resource(field, q_value)
-      end
+      @resource = find_resource
 
       if @resource && valid_params?(field, q_value) && (!@resource.respond_to?(:active_for_authentication?) || @resource.active_for_authentication?)
         valid_password = @resource.valid_password?(resource_params[:password])
diff --git a/app/controllers/devise_token_auth/unlocks_controller.rb b/app/controllers/devise_token_auth/unlocks_controller.rb
@@ -10,7 +10,7 @@ def create
       end
 
       @email = get_case_insensitive_field_from_resource_params(:email)
-      @resource = find_resource(:email, @email)
+      @resource = find_resource
 
       @errors = nil
       @error_status = 400
