authorPeter Lauck <griest024@gmail.com>2018-02-13 02:21:42 -0500
committerPeter Lauck <griest024@gmail.com>2018-02-13 02:21:51 -0500
commiteddf4c0f6cb6125a30cbc2528a468d2c3d5a48e0 (patch)
tree77d00e2c503730aa398d888b6edd5ad30ed0d8d3
parent201f53e96d26d4babfc6a4492576f873219d4e6f (diff)
Strip whitespace from username/login value for user lookup
As per the discussion with @psimyn, this change does not touch the frontend, so the input is not trimmed or validated on the sign-in screen itself. Instead, the value sent to the backend has leading and trailing whitespace stripped before the user is looked up with find_by. Closes #42637
-rw-r--r--app/models/user.rb2
-rw-r--r--changelogs/unreleased/change-strip-whitespace-from-username-input-42637.yml5
-rw-r--r--spec/models/user_spec.rb8
3 files changed, 14 insertions, 1 deletions
diff --git a/app/models/user.rb b/app/models/user.rb
index 4097fe2b5dc..5e84d2da805 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -249,7 +249,7 @@ class User < ActiveRecord::Base
def find_for_database_authentication(warden_conditions)
conditions = warden_conditions.dup
if login = conditions.delete(:login)
- where(conditions).find_by("lower(username) = :value OR lower(email) = :value", value: login.downcase)
+ where(conditions).find_by("lower(username) = :value OR lower(email) = :value", value: login.downcase.strip)
else
find_by(conditions)
end
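Review bot: `String#strip` on the new `find_by` line removes only ASCII whitespace (plus trailing NUL), so a login pasted with a non-breaking space (U+00A0) or other Unicode whitespace around it still misses the lookup, which is the kind of copy-paste input this change is meant to tolerate. If that case matters, a Unicode-aware trim such as `value: login.downcase.gsub(/\A[[:space:]]+|[[:space:]]+\z/, '')` covers it at the cost of one regex per lookup. The stripped value is also compared against `lower(email)`, so the same normalization now applies to e-mail logins, but the accompanying spec only exercises a username; a second example passing `" #{user.email} "` would pin that branch. Whether `login` can arrive as something other than a String (for example an array parameter) is not visible in this hunk; if it can, `downcase` already raises before `strip` is reached, so a `to_s` or a type check upstream is worth confirming.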
diff --git a/changelogs/unreleased/change-strip-whitespace-from-username-input-42637.yml b/changelogs/unreleased/change-strip-whitespace-from-username-input-42637.yml
new file mode 100644
index 00000000000..a51781396ee
--- /dev/null
+++ b/changelogs/unreleased/change-strip-whitespace-from-username-input-42637.yml
@@ -0,0 +1,5 @@
+---
+title: Remove whitespace from the username/email sign in form field
+merge_request: 17020
+author: Peter lauck
+type: changed
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index 76a6aef39cc..1815696a8a0 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -893,6 +893,14 @@ describe User do
end
end
+ describe '.find_for_database_authentication' do
+ it 'strips whitespace from login' do
+ user = create(:user)
+
+ expect(described_class.find_for_database_authentication({ login: " #{user.username} " })).to eq user
+ end
+ end
+
describe '.find_by_any_email' do
it 'finds by primary email' do
user = create(:user, email: 'foo@example.com')