Configures Devise to Use UID Instead of Email (#1198)

K8Sewell · web-flow · commit 164ed2a10e87 · 2026-03-06T10:28:14.000-08:00
* Configure devise to lookup by uid

* Add key for guest users
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -21,4 +21,15 @@ def landing
   def help_guide
     render "/help_guide"
   end
+
+  private
+
+  # Needed for guest user authentication. Devise expects the authentication key to be present, but we want to allow it to be nil for non-guest users.
+  # This method ensures that only keys starting with "guest" are considered valid, and generates a unique guest UID if the key is nil or invalid.
+  # rubocop:disable Lint/UselessAssignment
+  def guest_uid_authentication_key(key)
+    key &&= nil unless /^guest/.match?(key.to_s)
+    key ||= "guest_" + Array.new(5) { SecureRandom.rand(0..9) }.join
+  end
+  # rubocop:enable Lint/UselessAssignment
 end
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
@@ -40,7 +40,7 @@
   # session. If you need permissions, you should implement that in a before filter.
   # You can also supply a hash where the value is a boolean determining whether
   # or not authentication should be aborted when the value is not present.
-  # config.authentication_keys = [:email]
+  config.authentication_keys = [:uid]
   # require "omniauth-cas"
 
   config.omniauth :openid_connect, {
@@ -72,12 +72,12 @@
   # Configure which authentication keys should be case-insensitive.
   # These keys will be downcased upon creating or modifying a user and when used
   # to authenticate or find a user. Default is :email.
-  config.case_insensitive_keys = [:email]
+  config.case_insensitive_keys = [:uid]
 
   # Configure which authentication keys should have whitespace stripped.
   # These keys will have whitespace before and after removed upon creating or
   # modifying a user and when used to authenticate or find a user. Default is :email.
-  config.strip_whitespace_keys = [:email]
+  config.strip_whitespace_keys = [:uid]
 
   # Tell if authentication through request.params is enabled. True by default.
   # It can be set to an array that will enable params authentication only for the
diff --git a/db/migrate/20260227200115_add_index_to_users_uid.rb b/db/migrate/20260227200115_add_index_to_users_uid.rb
@@ -0,0 +1,5 @@
+class AddIndexToUsersUid < ActiveRecord::Migration[7.0]
+  def change
+    add_index :users, :uid, unique: true, if_not_exists: true
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema[7.0].define(version: 2024_01_15_173008) do
+ActiveRecord::Schema[7.0].define(version: 2026_02_27_200115) do
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
 
@@ -51,6 +51,7 @@
     t.index ["netid"], name: "index_users_on_netid", unique: true
     t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true
     t.index ["sub"], name: "index_users_on_sub", unique: true
+    t.index ["uid"], name: "index_users_on_uid", unique: true
   end
 
 end
