From 8f20b13f84a9f7c3918a0ca2bdbf51a859917401 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Tue, 28 Dec 2010 23:00:23 +0100 Subject: [PATCH] By default, just require e-mail on recover and lockable. --- CHANGELOG.rdoc | 2 +- lib/devise/models/lockable.rb | 6 +++++- lib/devise/models/recoverable.rb | 6 +++++- test/models/lockable_test.rb | 9 --------- test/models/recoverable_test.rb | 11 +---------- 5 files changed, 12 insertions(+), 22 deletions(-) diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc index fb205f3953..fad53c07c1 100644 --- a/CHANGELOG.rdoc +++ b/CHANGELOG.rdoc @@ -43,7 +43,7 @@ * bugfix * after_sign_in_path_for always receives a resource * Do not execute Warden::Callbacks on Devise::TestHelpers (by github.com/sgronblo) - * Password recovery and account unlocking takes into account authentication keys (by github.com/RStankov) + * Allow password recovery and account unlocking to change used keys (by github.com/RStankov) * FailureApp now properly handles nil request.format * Fix a bug causing FailureApp to return with HTTP Auth Headers for IE7 * Ensure namespaces has proper scoped views diff --git a/lib/devise/models/lockable.rb b/lib/devise/models/lockable.rb index 3570e9ebf3..c910daa420 100644 --- a/lib/devise/models/lockable.rb +++ b/lib/devise/models/lockable.rb @@ -132,7 +132,7 @@ module ClassMethods # with an email not found error. # Options must contain the user email def send_unlock_instructions(attributes={}) - lockable = find_or_initialize_with_errors(authentication_keys, attributes, :not_found) + lockable = find_or_initialize_with_errors(unlock_keys, attributes, :not_found) lockable.resend_unlock_token if lockable.persisted? lockable end @@ -161,6 +161,10 @@ def unlock_token Devise.friendly_token end + def unlock_keys + [:email] + end + Devise::Models.config(self, :maximum_attempts, :lock_strategy, :unlock_strategy, :unlock_in) end end 
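Review bot: Looking the record up by `unlock_keys` instead of `authentication_keys` in `send_unlock_instructions` drops any extra key an application listed in `authentication_keys` to make the e-mail unique (a subdomain or tenant column, say), so the instructions would presumably go to whichever record matches the e-mail first; `find_or_initialize_with_errors` is not shown, so this is inferred. The same applies to `send_reset_password_instructions` in recoverable.rb. The comment above the method could say so: `# Looks the record up by unlock_keys ([:email] by default); override unlock_keys in the model when e-mail alone is not unique.` The commit also removes the 'should require all authentication_keys' tests without adding one that pins the e-mail-only lookup when `authentication_keys` has more than one entry. The method sits inside `module ClassMethods`, which starts outside the hunk.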
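Review bot: `unlock_keys` is added as a plain class method returning `[:email]`, while the line right below it registers the other lockable options through `Devise::Models.config`, so as written the keys can only be changed by redefining the method on each model. Registering it like its neighbours would match the CHANGELOG entry better: `Devise::Models.config(self, :maximum_attempts, :lock_strategy, :unlock_strategy, :unlock_in, :unlock_keys)`, with the `[:email]` default moved to the Devise module, which is outside this diff. `reset_password_keys` in recoverable.rb has the same shape.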
diff --git a/lib/devise/models/recoverable.rb b/lib/devise/models/recoverable.rb index 895eb4c79f..735330604a 100644 --- a/lib/devise/models/recoverable.rb +++ b/lib/devise/models/recoverable.rb @@ -57,7 +57,7 @@ module ClassMethods # with an email not found error. # Attributes must contain the user email def send_reset_password_instructions(attributes={}) - recoverable = find_or_initialize_with_errors(authentication_keys, attributes, :not_found) + recoverable = find_or_initialize_with_errors(reset_password_keys, attributes, :not_found) recoverable.send_reset_password_instructions if recoverable.persisted? recoverable end @@ -67,6 +67,10 @@ def reset_password_token generate_token(:reset_password_token) end + def reset_password_keys + [:email] + end + # Attempt to find a user by it's reset_password_token to reset it's # password. If a user is found, reset it's password and automatically # try saving the record. If not user is found, returns a new user diff --git a/test/models/lockable_test.rb b/test/models/lockable_test.rb index ff34817f59..d0433dcc45 100644 --- a/test/models/lockable_test.rb +++ b/test/models/lockable_test.rb @@ -186,15 +186,6 @@ def setup end end - test 'should require all authentication_keys' do - swap Devise, :authentication_keys => [:username, :email] do - user = create_user - unlock_user = User.send_unlock_instructions(:email => user.email) - assert_not unlock_user.persisted? - assert_equal "can't be blank", unlock_user.errors[:username].join - end - end - test 'should not be able to send instructions if the user is not locked' do user = create_user assert_not user.resend_unlock_token diff --git a/test/models/recoverable_test.rb b/test/models/recoverable_test.rb index 564e392d2c..043e848151 100644 --- a/test/models/recoverable_test.rb +++ b/test/models/recoverable_test.rb 
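Review bot: With only the e-mail required, `send_reset_password_instructions` now reports whether a bare e-mail address is registered. A miss comes back as an unsaved record with a "not found" error on `:email` (see the assertion kept in recoverable_test.rb), where the removed test shows a request lacking the other authentication keys being rejected with "can't be blank". Whether that difference reaches the requester depends on the controller, which is not in this diff. The method comment could state it: `# A miss returns a new record with a :not_found error; render a uniform response if account existence must stay private.` `send_unlock_instructions` in lockable.rb behaves the same way.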
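Review bot: `reset_password_keys` is added without a comment, although it is the hook an application has to override to change how an account is found for password reset. A short comment above it would help: `# Attributes used to find the record when sending reset password instructions. Override in the model to use other keys.` `unlock_keys` in lockable.rb lacks one as well. The enclosing `module ClassMethods` starts and ends outside the hunk.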
@@ -85,7 +85,7 @@ def setup assert_not reset_password_user.persisted? assert_equal "not found", reset_password_user.errors[:email].join end - + test 'should find a user to send instructions by authentication_keys' do swap Devise, :authentication_keys => [:username, :email] do user = create_user @@ -93,15 +93,6 @@ def setup assert_equal reset_password_user, user end end - - test 'should require all authentication_keys' do - swap Devise, :authentication_keys => [:username, :email] do - user = create_user - reset_password_user = User.send_reset_password_instructions(:email => user.email) - assert_not reset_password_user.persisted? - assert_equal "can't be blank", reset_password_user.errors[:username].join - end - end test 'should reset reset_password_token before send the reset instructions email' do user = create_user