avoids conflicts with users using email as username

2017-06-12 18:54:39 +02:00
parent 3f11dbe1d5
commit ed30051653
2 changed files with 84 additions and 36 deletions
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -292,7 +292,8 @@ class User < ActiveRecord::Base
  def self.find_for_database_authentication(warden_conditions)
    conditions = warden_conditions.dup
    if login = conditions.delete(:login)
-      where(conditions.to_hash).where(["lower(email) = ? OR username = ?", login.downcase, login]).first
+      where(conditions.to_hash).where(["lower(email) = ?", login.downcase]).first ||
+      where(conditions.to_hash).where(["username = ?", login]).first
    elsif conditions.has_key?(:username) || conditions.has_key?(:email)
      where(conditions.to_hash).first
    end