strip whitespace around username on login

fixes CNVS-7857 test-plan: - try to log in as a user when using extra whitespace around their username Change-Id: Ia230d7caf784562a881f59fed17e393d5c4b4878 Reviewed-on: https://gerrit.instructure.com/24391 Reviewed-by: Cody Cutrer <cody@instructure.com> Tested-by: Jenkins <jenkins@instructure.com> QA-Review: Jeremy Putnam <jeremyp@instructure.com> Product-Review: Jacob Fugal <jacob@instructure.com>
2013-09-16 11:24:20 -06:00 · 2013-09-16 11:24:20 -06:00 · e9393c8ee9
parent e6aadc704b
commit e9393c8ee9
2 changed files with 16 additions and 0 deletions
--- a/app/controllers/pseudonym_sessions_controller.rb
+++ b/app/controllers/pseudonym_sessions_controller.rb
@ -139,6 +139,12 @@ class PseudonymSessionsController < ApplicationController
      return unsuccessful_login(t('errors.blank_password', "No password was given"))
    end

+    # strip leading and trailing whitespace off the entered unique id. some
+    # mobile clients (e.g. android) will add a space after the login when using
+    # autocomplete. this would prevent us from recognizing someone's username,
+    # making them unable to login.
+    params[:pseudonym_session][:unique_id].try(:strip!)
+
    # Try to use authlogic's built-in login approach first
    @pseudonym_session = @domain_root_account.pseudonym_sessions.new(params[:pseudonym_session])
    @pseudonym_session.remote_ip = request.remote_ip
--- a/spec/controllers/pseudonym_sessions_controller_spec.rb
+++ b/spec/controllers/pseudonym_sessions_controller_spec.rb
@ -86,6 +86,16 @@ describe PseudonymSessionsController do
    assigns[:pseudonym_session].should_not be_nil
  end

+  it "password auth should work with extra whitespace around unique id " do
+    user_with_pseudonym(:username => 'jt@instructure.com', :active_all => 1, :password => 'qwerty')
+    post 'create', :pseudonym_session => { :unique_id => ' jt@instructure.com ', :password => 'qwerty'}
+    response.should be_redirect
+    response.should redirect_to(dashboard_url(:login_success => 1))
+    assigns[:user].should == @user
+    assigns[:pseudonym].should == @pseudonym
+    assigns[:pseudonym_session].should_not be_nil
+  end
+
  context "ldap" do
    it "should log in a user with a identifier_format" do
      user_with_pseudonym(:username => '12345', :active_all => 1)