search

abevoelker / devise-passwordless

Devise passwordless logins using emailed magic links
MIT License
197 stars 37 forks source link

Hardcoded `email` attribute #65

Open stemps opened 1 month ago

stemps commented 1 month ago

Currently devise-passwordless has a hard-coded assumption that email is the only authentication key. However, devise allows using other attributes for retrieving and authenticating the user

class CustomUser < ApplicationRecord
  devise :magic_link_authenticatable, :authentication_keys => [:username]
end

I have a use case where I have a user model with an email attribute but where the email address is present but is not a unique key. Instead a separate unique username is used to retrieve the user and send them a login link.

Other tools like active_admin use these authentication_keys to dynamically build the login form.

It would be nice if devise-passwordless would respect the authentication_keys config setting and use these attributes to build the magic link and for the permitted params in the Devise::Passwordless::SessionsController.

I am happy to submit a PR with this change, but wanted to check first if you are interested in incorporating this change.

abevoelker commented 1 month ago

Definitely! That would be great! Thank you

On Tue, Jul 23, 2024 at 2:32 AM Simon Stemplinger @.***> wrote:

Currently devise-passwordless has a hard-coded assumption that email is the only authentication key. However, devise allows using other attributes for retrieving and authenticating the user

class CustomUser < ApplicationRecord devise :magic_link_authenticatable, :authentication_keys => [:username] end

I have a use case where I have a user model with an email attribute but where the email address is present but is not a unique key. Instead a separate unique username is used to retrieve the user and send them a login link.

Other tools like active_admin use these authentication_keys to dynamically build the login form https://github.com/activeadmin/activeadmin/blob/master/app/views/active_admin/devise/sessions/new.html.erb#L9 .

It would be nice if devise-passwordless would respect the authentication_keys config setting and use these attributes to build the magic link and for the permitted params in the Devise::Passwordless::SessionsController.

I am happy to submit a PR with this change, but wanted to check first if you are interested in incorporating this change.

— Reply to this email directly, view it on GitHub https://github.com/abevoelker/devise-passwordless/issues/65, or unsubscribe https://github.com/notifications/unsubscribe-auth/AABFO43FFEBTQXFDRYWIYODZNYBITAVCNFSM6AAAAABLJ2ICHCVHI2DSMVQWIX3LMV43ASLTON2WKOZSGQZDINBXHE3DAOI . You are receiving this because you are subscribed to this thread.Message ID: @.***>