make User#send_reset_password_instructions to require all authentication_keys

Signed-off-by: José Valim <jose.valim@gmail.com>

lib/devise/models/authenticatable.rb

@@ -119,6 +119,30 @@ module Devise
 
           record
         end
+        
+        def find_or_initialize_with_errors(required_attributes, attributes, error=:invalid) #:nodoc:
+          attributes = attributes.slice(*required_attributes)
+          attributes.delete_if { |key, value| value.blank? }
+
+          if attributes.size == required_attributes.size
+            record = find(:first, :conditions => attributes)
+          end
+          
+          unless record
+            record = new
+            record.send(:attributes=, attributes, false)
+
+            if attributes.size == required_attributes.size
+              record.errors.add(:base, error)
+            else
+              required_attributes.reject { |k| attributes[k].present? }.each do |attribute|
+                record.errors.add(attribute, :blank)
+              end
+            end
+          end
+
+          record
+        end
 
         # Generate a token by looping and ensuring does not already exist.
         def generate_token(column)

lib/devise/models/recoverable.rb

@@ -57,7 +57,7 @@ module Devise
         # with an email not found error.
         # Attributes must contain the user email
         def send_reset_password_instructions(attributes={})
-          recoverable = find_or_initialize_with_error_by(:email, attributes[:email], :not_found)
+          recoverable = find_or_initialize_with_errors(authentication_keys, attributes, :not_found)
           recoverable.send_reset_password_instructions if recoverable.persisted?
           recoverable
         end

test/integration/recoverable_test.rb

@@ -58,7 +58,7 @@ class PasswordTest < ActionController::IntegrationTest
     assert_response :success
     assert_template 'passwords/new'
     assert_have_selector 'input[type=text][value=\'invalid.test@test.com\']'
-    assert_contain 'Email not found'
+    assert_contain 'not found'
   end
 
   test 'authenticated user should not be able to visit edit password page' do

test/models/recoverable_test.rb

@@ -83,7 +83,24 @@ class RecoverableTest < ActiveSupport::TestCase
   test 'should return a new record with errors if user was not found by e-mail' do
     reset_password_user = User.send_reset_password_instructions(:email => "invalid@email.com")
     assert_not reset_password_user.persisted?
-    assert_equal "not found", reset_password_user.errors[:email].join
+    assert_equal "not found", reset_password_user.errors[:base].join
+  end
+  
+  test 'should find a user to send instructions by authentication_keys' do
+    swap Devise, :authentication_keys => [:username, :email] do
+      user = create_user
+      reset_password_user = User.send_reset_password_instructions(:email => user.email, :username => user.username)
+      assert_equal reset_password_user, user
+    end
+  end
+  
+  test 'should require all authentication_keys' do
+    swap Devise, :authentication_keys => [:username, :email] do
+      user = create_user
+      reset_password_user = User.send_reset_password_instructions(:email => user.email)
+      assert_not reset_password_user.persisted?
+      assert_equal "can't be blank", reset_password_user.errors[:username].join
+    end
   end
 
   test 'should reset reset_password_token before send the reset instructions email' do