search

lynndylanhurley / devise_token_auth

Token based authentication for Rails JSON APIs. Designed to work with jToker and ng-token-auth.
Do What The F*ck You Want To Public License
3.55k stars 1.14k forks source link

Find User by email and extra attributes #311

Open diegossilveira opened 9 years ago

diegossilveira commented 9 years ago

Hello,

We have an application that uses devise_token_auth to accomplish token based authentication features. A new feature requires that we must have multiple users with the same email address in our database with an extra attribute that put each user in a different scope: something like a tenant_id.

Looking at devise_token_auth code, we figured out that the only way to customize User search query is to override sessions_controller.rb:

q = "#{field.to_s} = ? AND provider='email'"

I believe a better approach is to define a method on the model (authentication subject) by convention and pass it all the parameters from the controller, so the query could be easily customizable. A default implementation of this method (with the current query) could be supplied on DeviseTokenAuth::Concerns::User.

Is there a good reason for not doing so?

goelinsights commented 7 years ago

@diegossilveira did you ever figure out a path forward? Looking at some similar multi-tenant issues where user email may be tied to multiple tenants and trying to figure this out.

Is an alternate approach potentially to add a tenant_name as an extra field in the token?