Skip to content

Loading…

model can not override find_first_by_auth_conditions if 1) request_keys option is set AND 2) two devise models are present #2285

Closed
maxwell opened this Issue · 2 comments

2 participants

@maxwell

Hi,

Slightly obtuse bug I found when a user was using my reset password feature after I implemented something like this (https://github.com/plataformatec/devise/wiki/How-To:--Isolate-users-to-log-into-a-single-subdomain). It seems my query was not scoping to my subdomains correctly for non "authentication" flow queries.

When you have two devise models (such as Admin and User), and you have the request_keys set, any model overrides of find_first_by_auth_conditions will be ignored.

This may be related to the behavior @pivotalhalogen was seeing in #1752

Here is a sample application illustrating my problem:
https://github.com/maxwell/devise-request-key-bug

When you run the test as is, it fails.

If you comment out the request_keys call in user.rb, it passes, as you would expect.

I'd be happy to help with a fix. However even though spent lots of time trying to figure what was the cause, I don't understand why it is happening. :)

Thank you for making Devise awesome!

@josevalim
Plataformatec member

Well, find_first_by_auth_conditions is not called on a reset password workflow, because it is not doing authentication per-se. This method is only called for authentication, like sessions controller, token authentication, etc.

@josevalim
Plataformatec member

I tried the application and I get an exception for authentication workflows and no exception for password reset, as expected, since find_first_by_auth_conditions is not called on password reset flow. Let me know if I am missing something, thanks!

@josevalim josevalim closed this
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.