From a4931262d0bd377833bdb6b082e2e9f930b661ff Mon Sep 17 00:00:00 2001 From: Go MAEDA Date: Wed, 13 Dec 2017 13:58:32 +0000 Subject: [PATCH] Strip whitespace from login on login page (#22532). Patch by Artur Borisovich and Marius BALTEANU. git-svn-id: http://svn.redmine.org/redmine/trunk@17113 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- app/models/user.rb | 2 +- test/functional/account_controller_test.rb | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/app/models/user.rb b/app/models/user.rb index 7cdf78678..4440edf1c 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -216,7 +216,7 @@ class User < Principal # Returns the user that matches provided login and password, or nil def self.try_to_login(login, password, active_only=true) - login = login.to_s + login = login.to_s.strip password = password.to_s # Make sure no one can sign in with an empty login or password diff --git a/test/functional/account_controller_test.rb b/test/functional/account_controller_test.rb index d25a00331..fbeb457b1 100644 --- a/test/functional/account_controller_test.rb +++ b/test/functional/account_controller_test.rb @@ -220,6 +220,15 @@ class AccountControllerTest < Redmine::ControllerTest assert_response 302 end + def test_login_should_strip_whitespaces_from_user_name + post :login, :params => { + :username => ' jsmith ', + :password => 'jsmith' + } + assert_response 302 + assert_equal 2, @request.session[:user_id] + end + def test_get_logout_should_not_logout @request.session[:user_id] = 2 get :logout -- 2.39.5