From d0ec0508ad4f91d66abb03ab301c5e72ae3f9247 Mon Sep 17 00:00:00 2001
From: Go MAEDA <maeda@farend.jp>
Date: Wed, 13 Dec 2017 14:07:15 +0000
Subject: [PATCH] Merged r17113 to 3.4-stable (#22532).

git-svn-id: http://svn.redmine.org/redmine/branches/3.4-stable@17114 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/models/user.rb                         | 2 +-
 test/functional/account_controller_test.rb | 9 +++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/app/models/user.rb b/app/models/user.rb
index 62a0289f0..357856609 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -219,7 +219,7 @@ class User < Principal
 
   # Returns the user that matches provided login and password, or nil
   def self.try_to_login(login, password, active_only=true)
-    login = login.to_s
+    login = login.to_s.strip
     password = password.to_s
 
     # Make sure no one can sign in with an empty login or password
diff --git a/test/functional/account_controller_test.rb b/test/functional/account_controller_test.rb
index d25a00331..fbeb457b1 100644
--- a/test/functional/account_controller_test.rb
+++ b/test/functional/account_controller_test.rb
@@ -220,6 +220,15 @@ class AccountControllerTest < Redmine::ControllerTest
     assert_response 302
   end
 
+  def test_login_should_strip_whitespaces_from_user_name
+    post :login, :params => {
+        :username => ' jsmith ',
+        :password => 'jsmith'
+      }
+    assert_response 302
+    assert_equal 2, @request.session[:user_id]
+  end
+
   def test_get_logout_should_not_logout
     @request.session[:user_id] = 2
     get :logout
-- 
2.39.5