We assume this method already gets the sanitized values from the DatabaseAuthenticatable strategy. If you are using this method on your own, be sure to sanitize the conditions hash to only include the proper fields.
# File lib/devise/models/database_authenticatable.rb, line 120 def find_for_database_authentication(conditions) find_for_authentication(conditions) end