From: Go MAEDA <maeda@farend.jp>
Date: Fri, 8 Dec 2017 08:27:27 +0000 (+0000)
Subject: Fix: Strip whitespace from email addresses on lost password page (#27754).
X-Git-Tag: 4.0.0~461
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=01085249abeed47f56d13434f47f11bccca0fb40;p=redmine.git

Fix: Strip whitespace from email addresses on lost password page (#27754).

Patch by Felix Schäfer.


git-svn-id: http://svn.redmine.org/redmine/trunk@17078 e93f8b46-1217-0410-a6f0-8f06a7374b81
---

diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb
index 7f51343dd..d6e1da885 100644
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -98,7 +98,7 @@ class AccountController < ApplicationController
       return
     else
       if request.post?
-        email = params[:mail].to_s
+        email = params[:mail].to_s.strip
         user = User.find_by_mail(email)
         # user not found
         unless user
diff --git a/test/functional/account_controller_test.rb b/test/functional/account_controller_test.rb
index 7850a9a0d..d25a00331 100644
--- a/test/functional/account_controller_test.rb
+++ b/test/functional/account_controller_test.rb
@@ -385,6 +385,21 @@ class AccountControllerTest < Redmine::ControllerTest
     end
   end
 
+  def test_lost_password_with_whitespace_should_send_email_to_the_address
+    Token.delete_all
+
+    assert_difference 'ActionMailer::Base.deliveries.size' do
+      assert_difference 'Token.count' do
+        post :lost_password, params: {
+          mail: ' JSmith@somenet.foo  '
+        }
+        assert_redirected_to '/login'
+      end
+    end
+    mail = ActionMailer::Base.deliveries.last
+    assert_equal ['jsmith@somenet.foo'], mail.bcc
+  end
+
   def test_lost_password_using_additional_email_address_should_send_email_to_the_address
     EmailAddress.create!(:user_id => 2, :address => 'anotherAddress@foo.bar')
     Token.delete_all