Strip whitespace from login on login page (#22532).

Patch by Artur Borisovich and Marius BALTEANU.

git-svn-id: http://svn.redmine.org/redmine/trunk@17113 e93f8b46-1217-0410-a6f0-8f06a7374b81

diff --git a/app/models/user.rb b/app/models/user.rb
index 7cdf78678714a0f6b8c808fb2ffe1a79129f047c..4440edf1c7d30f08dada35ffb201a8a45802ba3a 100644 (file)
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -216,7 +216,7 @@ class User < Principal
 
   # Returns the user that matches provided login and password, or nil
   def self.try_to_login(login, password, active_only=true)
-    login = login.to_s
+    login = login.to_s.strip
     password = password.to_s
 
     # Make sure no one can sign in with an empty login or password

diff --git a/test/functional/account_controller_test.rb b/test/functional/account_controller_test.rb
index d25a00331170cd20ba9771b4e0ad12c29e0cfae6..fbeb457b1c16de6358f4bbe96fde2ad62a1b80f6 100644 (file)
--- a/test/functional/account_controller_test.rb
+++ b/test/functional/account_controller_test.rb
@@ -220,6 +220,15 @@ class AccountControllerTest < Redmine::ControllerTest
     assert_response 302
   end
 
+  def test_login_should_strip_whitespaces_from_user_name
+    post :login, :params => {
+        :username => ' jsmith ',
+        :password => 'jsmith'
+      }
+    assert_response 302
+    assert_equal 2, @request.session[:user_id]
+  end
+
   def test_get_logout_should_not_logout
     @request.session[:user_id] = 2
     get :logout