Multiple username_attributes!

[ubermajestix]

I have the somewhat common use case of needing to login users via a username or email address.

Authlogic supports this by letting you override the lookup function, but I've ripped out authlogic in favor of sorcery (sorcery is sooo much nicer, thank you for writing this gem!).

My thought here is to let users specify one or more username_attributes in the config file. I've modified sorcery to look up users by looping through the attributes, issuing a query for each attribute, and returning the user as soon as it finds one.

I've added specs for this and updated the all other specs to reflect the change.

In addition to the code change I've added a README for running specs.

Let me know what you think!

[NoamB]

That's an impressive pull request! I love it!

Just one thing before I pull it - can you make it do just one query instead of looping through the attributes (using OR I guess) ? There's no real reason to make a separate query for each attribute.

[ubermajestix]

I have changed the activerecord behavior to issue one query (super easy).

I didn't change the mongoid behavior because OR queries in mongo are hard to do right, or, I don't know how to do them.

I pulled in the controller_spec from the rails3 specs to rails3_mongoid to test using two different attributes to login with mongoid.

I tried several combinations using mongoid's Model.any_of and Model.where and could not get the correct outcome so I left the original looping code. Do you know the right way to do this kind of query with mongo?

[NoamB]

I'll try to check tomorrow regarding mongoid.
Also need to check if this sql is not open to injections (for example, a user writes an SQL string instead of an attribute name).

edit: strike the silly comment about SQL injection... it's not data from outside... it's internal configuration.. doh.

[NoamB]

anyway, we can fix mongo later... I'm going to pull.