Hardcoded `email` attribute
stemps opened this issue · 1 comments
Currently devise-passwordless has a hard-coded assumption that email is the only authentication key. However, devise allows using other attributes for retrieving and authenticating the user
class CustomUser < ApplicationRecord
devise :magic_link_authenticatable, :authentication_keys => [:username]
end
I have a use case where I have a user model with an email attribute but where the email address is present but is not a unique key. Instead a separate unique username is used to retrieve the user and send them a login link.
Other tools like active_admin use these authentication_keys to dynamically build the login form.
It would be nice if devise-passwordless would respect the authentication_keys config setting and use these attributes to build the magic link and for the permitted params in the Devise::Passwordless::SessionsController.
I am happy to submit a PR with this change, but wanted to check first if you are interested in incorporating this change.