changing request parameters causes authentication failures #142

Closed
gingerlime opened this issue Jan 25, 2017 · 1 comment
Comments

@gingerlime

I'm posting it here, because I'm not getting much luck on devise, and I have a feeling it might be related to warden specifically. Either way, I'd appreciate some help.

I'm trying to normalize emails inside devise, by changing request params in the controller. e.g. bla@googlemail.com will be normalized to bla@gmail.com. Whenever devise's current_user is accessed beforehand, it causes authentication to fail.

Reproducible problem at https://github.com/gingerlime/rails-devise/tree/reproduce (specifically this commit)

When anything accesses current_user (e.g. in a before_action inside the application controller), then:

  • authenticating with the real email (bla@gmail.com) works, but
  • authenticating with a different email (bla@googlemail.com, that normalizes to bla@gmail.com) fails...

I'd really appreciate some help on how to tackle this. I'm not particularly familiar with devise or warden's internals, but happy to do more digging if necessary. Just not too sure where to even start.

@joker-777

I investigated this problem and found out that warden caches the strategies in the method clear_strategies_cache!, which is called by authenticate! but also when current_user is called, which happens most likely in some ApplicationController before filter. The password authentication strategy then already used the content of request.params, which isn't normalized yet.

The solution would be this:

```ruby
# Override of Devise::SessionsController#create (normalize is the issue
# author's own email-normalization helper)
def create
  params[:user][:email] = normalize(params[:user][:email])
  # Write the normalized value back into the env params the strategy reads
  request.params[:user].merge!(params[:user])
  # Drop the strategy already run (and cached) by an earlier current_user call
  warden.clear_strategies_cache!(:scope => :user)
  super
end
```

clear_strategies_cache! can be used without parameters or for a specific scope or even for a specific strategy.
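To make the ordering problem in this thread concrete, here is a small added model of it; it is not Warden or Devise code, and PasswordStrategy, StrategyCache, login and normalize_email are constructed for this illustration only. A strategy that has already run against the raw params keeps its result until the scope's cache is cleared, which is why normalizing the email alone is not enough.

```ruby
# Constructed sample account: the "real" address the issue author mentions.
USERS = { 'bla@gmail.com' => 'secret' }.freeze

# Only the rewrite the issue mentions: googlemail.com -> gmail.com.
def normalize_email(email)
  local, domain = email.to_s.strip.downcase.split('@', 2)
  domain = 'gmail.com' if domain == 'googlemail.com'
  "#{local}@#{domain}"
end

# Reads credentials from the shared params hash and, like a per-request
# strategy, runs at most once: the first result is memoised.
class PasswordStrategy
  def initialize(params)
    @params = params
    @result = nil
  end

  def run!
    return @result unless @result.nil?
    creds = @params[:user] || {}
    @result = USERS[creds[:email]] == creds[:password] ? :success : :failure
  end
end

# One strategy instance per scope, kept for the life of the request (a model
# of the per-scope cache, not Warden's implementation).
class StrategyCache
  def initialize
    @strategies = {}
  end

  def fetch(scope, params)
    @strategies[scope] ||= PasswordStrategy.new(params)
  end

  def clear!(scope: nil)
    scope ? @strategies.delete(scope) : @strategies.clear
  end
end

# One simulated request: the before filter (current_user) runs the strategy on
# the raw params, then the sessions action normalises the email and
# authenticates, clearing the scope's cache first when clear_first is true.
def login(email, password, clear_first:)
  params = { user: { email: email, password: password } }
  cache  = StrategyCache.new
  cache.fetch(:user, params).run!                 # current_user in before_action
  params[:user][:email] = normalize_email(email)  # SessionsController#create
  cache.clear!(scope: :user) if clear_first       # warden.clear_strategies_cache!
  cache.fetch(:user, params).run!                 # authenticate!
end
```

Without the clear, the googlemail login returns the stale :failure even though the params now hold the normalized address; with it, the strategy is rebuilt and succeeds.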
