Does gorm interpret the content of a struct with a logical OR?

Question

New to SQL, I am writing as an exercise an API middleware that checks if the information contained in some headers match a database entry ("token-based authentication"). Database access is based on GORM.

To this, I have defined my ORM as follows:

type User struct {
    ID       uint
    UserName string
    Token string
}

In my middleware I retrieve the content of relevant headers and end up with the variables userHeader and tokenHeader. They are supposed to be matched to the database in order to do the authentication.

The user table has one single entry:

select * from users 
// 1,admin,admintoken

The authentication code is

    var auth User
    res := db.Where(&User{UserName: userHeader, Token: tokenHeader}).Find(&auth)
    if res.RowsAffected == 1 {
        // authentication succeeded
    }

When testing this, I end up with the following two incorrect results (other combinations are correct):

• with only one header set to a correct value (and the other one not present) the authentication is successful (adding the other header with an incorrect value is OK (=auth fails))
• no headers set → authentication goes though

I expected my query to mean (in the context of the incorrect results above)

 select * from users where users.user_name = 'admin' and users.token = ''
 select * from users where users.user_name = '' and users.token = ''

and this query is correct on the console, i.e. produces zero results (ran against the database).

The ORM one, however, seems to discard non-existing headers and assume they are fine (this is at least my understanding)

I also tried to chain the Where clauses via

db.Where(&User{UserName: userHeader}).Where(&User{Token: tokenHeader}).Find(&auth) 

but the result is the same.

What should be the correct query?