From: Go MAEDA Date: Wed, 13 Dec 2017 14:07:15 +0000 (+0000) Subject: Merged r17113 to 3.4-stable (#22532). X-Git-Tag: 3.4.4~14 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=d0ec0508ad4f91d66abb03ab301c5e72ae3f9247;p=redmine.git Merged r17113 to 3.4-stable (#22532). git-svn-id: http://svn.redmine.org/redmine/branches/3.4-stable@17114 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- diff --git a/app/models/user.rb b/app/models/user.rb index 62a0289f0..357856609 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -219,7 +219,7 @@ class User < Principal # Returns the user that matches provided login and password, or nil def self.try_to_login(login, password, active_only=true) - login = login.to_s + login = login.to_s.strip password = password.to_s # Make sure no one can sign in with an empty login or password diff --git a/test/functional/account_controller_test.rb b/test/functional/account_controller_test.rb index d25a00331..fbeb457b1 100644 --- a/test/functional/account_controller_test.rb +++ b/test/functional/account_controller_test.rb @@ -220,6 +220,15 @@ class AccountControllerTest < Redmine::ControllerTest assert_response 302 end + def test_login_should_strip_whitespaces_from_user_name + post :login, :params => { + :username => ' jsmith ', + :password => 'jsmith' + } + assert_response 302 + assert_equal 2, @request.session[:user_id] + end + def test_get_logout_should_not_logout @request.session[:user_id] = 2 get :logout