Slightly obtuse bug I found when a user was using my reset password feature after I implemented something like this (https://github.com/plataformatec/devise/wiki/How-To:--Isolate-users-to-log-into-a-single-subdomain). It seems my query was not scoping to my subdomains correctly for non "authentication" flow queries.
When you have two devise models (such as Admin and User), and you have the request_keys set, any model overrides of find_first_by_auth_conditions will be ignored.
This may be related to the behavior @pivotalhalogen was seeing in #1752
Here is a sample application illustrating my problem:
When you run the test as is, it fails.
If you comment out the request_keys call in user.rb, it passes, as you would expect.
I'd be happy to help with a fix. However even though spent lots of time trying to figure what was the cause, I don't understand why it is happening. :)
Thank you for making Devise awesome!
Well, find_first_by_auth_conditions is not called on a reset password workflow, because it is not doing authentication per-se. This method is only called for authentication, like sessions controller, token authentication, etc.
I tried the application and I get an exception for authentication workflows and no exception for password reset, as expected, since find_first_by_auth_conditions is not called on password reset flow. Let me know if I am missing something, thanks!