Merged r17113 to 3.4-stable (#22532).

git-svn-id: http://svn.redmine.org/redmine/branches/3.4-stable@17114 e93f8b46-1217-0410-a6f0-8f06a7374b81

diff --git a/app/models/user.rb b/app/models/user.rb
index 62a0289f067add02d314ade307d7f30b26c28b4d..3578566096701444c6229031632b58314a8b66b6 100644 (file)
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -219,7 +219,7 @@ class User < Principal
 
   # Returns the user that matches provided login and password, or nil
   def self.try_to_login(login, password, active_only=true)
-    login = login.to_s
+    login = login.to_s.strip
     password = password.to_s
 
     # Make sure no one can sign in with an empty login or password

diff --git a/test/functional/account_controller_test.rb b/test/functional/account_controller_test.rb
index d25a00331170cd20ba9771b4e0ad12c29e0cfae6..fbeb457b1c16de6358f4bbe96fde2ad62a1b80f6 100644 (file)
--- a/test/functional/account_controller_test.rb
+++ b/test/functional/account_controller_test.rb
@@ -220,6 +220,15 @@ class AccountControllerTest < Redmine::ControllerTest
     assert_response 302
   end
 
+  def test_login_should_strip_whitespaces_from_user_name
+    post :login, :params => {
+        :username => ' jsmith ',
+        :password => 'jsmith'
+      }
+    assert_response 302
+    assert_equal 2, @request.session[:user_id]
+  end
+
   def test_get_logout_should_not_logout
     @request.session[:user_id] = 2
     get :logout