Fix: Strip whitespace from email addresses on lost password page (#27754).

Patch by Felix Schäfer.

git-svn-id: http://svn.redmine.org/redmine/trunk@17078 e93f8b46-1217-0410-a6f0-8f06a7374b81

diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb
index 7f51343ddbd6972ce9f45c1c215cf0202b1c9781..d6e1da885479b2174b73498ad0fc529230ad59b9 100644 (file)
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -98,7 +98,7 @@ class AccountController < ApplicationController
       return
     else
       if request.post?
-        email = params[:mail].to_s
+        email = params[:mail].to_s.strip
         user = User.find_by_mail(email)
         # user not found
         unless user

diff --git a/test/functional/account_controller_test.rb b/test/functional/account_controller_test.rb
index 7850a9a0d5196ace8ba289e7cb57a50a0cf9fd35..d25a00331170cd20ba9771b4e0ad12c29e0cfae6 100644 (file)
--- a/test/functional/account_controller_test.rb
+++ b/test/functional/account_controller_test.rb
@@ -385,6 +385,21 @@ class AccountControllerTest < Redmine::ControllerTest
     end
   end
 
+  def test_lost_password_with_whitespace_should_send_email_to_the_address
+    Token.delete_all
+
+    assert_difference 'ActionMailer::Base.deliveries.size' do
+      assert_difference 'Token.count' do
+        post :lost_password, params: {
+          mail: ' JSmith@somenet.foo  '
+        }
+        assert_redirected_to '/login'
+      end
+    end
+    mail = ActionMailer::Base.deliveries.last
+    assert_equal ['jsmith@somenet.foo'], mail.bcc
+  end
+
   def test_lost_password_using_additional_email_address_should_send_email_to_the_address
     EmailAddress.create!(:user_id => 2, :address => 'anotherAddress@foo.bar')
     Token.delete_all