Using devise 4.3.0, the comments in Devise.setup are these:
# Configure which authentication keys should be case-insensitive.
# These keys will be downcased upon creating or modifying a user and when used
# to authenticate or find a user. Default is :email.
config.case_insensitive_keys = [:email]
We noticed that the downcasing (lowercasing) occurs during the validate
of the model.
It was unexpected to have such a data-altering side-effect in a validate
(and it causes mixed-cased emails to be saved as-is to the database in some cases).
This means that downcasing is not applied if validation is skipped, e.g.
user.save!
<-- the email is downcaseduser.save(validate: false)
<-- the email is not downcaseduser.update_attribute(:email, "UPPERCASE@test.com")
<-- the email is not downcased (because update_attribute skips validation)
I searched https://github.com/heartcombo/devise for case_insensitive_keys
to see if the fact that downcasing is applied on validate
was documented, and if that was still the case in recent versions, and didn't find anything yet.
Does the parameter "case_insensitive_keys" downcase the keys during validate
in recent devise version, and if not which version fixed this, and at which stage is the downcase done now (and are there still contexts in which devise's downcasing of the keys would not be applied inside Rails)?