Merge pull request #548 from kenjis/fix-findByCredentials

fix: findByCredentials() returns User when email is empty string

Author: kenjis

src/Models/UserModel.php

@@ -177,16 +177,28 @@ public function findByCredentials(array $credentials): ?User
         $email = $credentials['email'] ?? null;
         unset($credentials['email']);
 
+        if ($email === null && $credentials === []) {
+            return null;
+        }
+
         // any of the credentials used should be case-insensitive
         foreach ($credentials as $key => $value) {
-            $this->where('LOWER(' . $this->db->protectIdentifiers("users.{$key}") . ')', strtolower($value));
+            $this->where(
+                'LOWER(' . $this->db->protectIdentifiers("users.{$key}") . ')',
+                strtolower($value)
+            );
         }
 
-        if (! empty($email)) {
-            $data = $this->select('users.*, auth_identities.secret as email, auth_identities.secret2 as password_hash')
+        if ($email !== null) {
+            $data = $this->select(
+                'users.*, auth_identities.secret as email, auth_identities.secret2 as password_hash'
+            )
                 ->join('auth_identities', 'auth_identities.user_id = users.id')
                 ->where('auth_identities.type', Session::ID_TYPE_EMAIL_PASSWORD)
-                ->where('LOWER(' . $this->db->protectIdentifiers('auth_identities.secret') . ')', strtolower($email))
+                ->where(
+                    'LOWER(' . $this->db->protectIdentifiers('auth_identities.secret') . ')',
+                    strtolower($email)
+                )
                 ->asArray()
                 ->first();
 

tests/Unit/UserModelTest.php

@@ -45,6 +45,22 @@ public function testSaveInsertUser(): void
         ]);
     }
 
+    /**
+     * @see https://github.com/codeigniter4/shield/issues/546
+     */
+    public function testFindByCredentialsEmptyEmail(): void
+    {
+        $users = $this->createUserModel();
+        $user  = $this->createNewUser();
+        $users->save($user);
+
+        $user = $users->findByCredentials(['email' => '']);
+        $this->assertNull($user);
+
+        $user = $users->findByCredentials([]);
+        $this->assertNull($user);
+    }
+
     public function testInsertUserObject(): void
     {
         $users = $this->createUserModel();