From 8269a9f774e3e41c0ddd0b4c2913dcc000cdbb82 Mon Sep 17 00:00:00 2001
From: Greg Mefford
Date: Sun, 20 Jun 2010 14:07:35 -0500
Subject: [PATCH 1/2] Made User.login validation case-insensitive.
---
 app/models/user.rb | 2 +-
 test/unit/user_test.rb | 15 +++++++++++++++
 2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/app/models/user.rb b/app/models/user.rb
index a38a091701e..cfb04d1bddd 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -53,7 +53,7 @@ class User < Principal
 attr_protected :login, :admin, :password, :password_confirmation, :hashed_password, :group_ids
 validates_presence_of :login, :firstname, :lastname, :mail, :if => Proc.new { |user| !user.is_a?(AnonymousUser) }
- validates_uniqueness_of :login, :if => Proc.new { |user| !user.login.blank? }
+ validates_uniqueness_of :login, :if => Proc.new { |user| !user.login.blank? }, :case_sensitive => false
 validates_uniqueness_of :mail, :if => Proc.new { |user| !user.mail.blank? }, :case_sensitive => false
 # Login must contain lettres, numbers, underscores only
 validates_format_of :login, :with => /^[a-z0-9_\-@\.]*$/i
diff --git a/test/unit/user_test.rb b/test/unit/user_test.rb
index 77a9ee98476..47c7dbe34fd 100644
--- a/test/unit/user_test.rb
+++ b/test/unit/user_test.rb
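Review bot: The `:case_sensitive => false` added to `validates_uniqueness_of :login` in app/models/user.rb is enforced only in the application, so two concurrent sign-ups whose logins differ only in case can both pass the check and be saved. Nothing in this patch adds a database-level constraint or handles rows that already differ only in case. A unique index on the lower-cased login, plus a migration step that reports existing collisions, would make the rule hold. This matters more once login lookup itself becomes case-insensitive, because such pairs then compete for the same typed name. The class body continues outside the hunk.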
@@ -55,6 +55,21 @@ def test_create
 assert user.save
 end
+ context "User.login" do
+ should "be case-insensitive." do
+ u = User.new(:firstname => "new", :lastname => "user", :mail => "newuser@somenet.foo")
+ u.login = 'newuser'
+ u.password, u.password_confirmation = "password", "password"
+ assert u.save
+
+ u = User.new(:firstname => "Similar", :lastname => "User", :mail => "similaruser@somenet.foo")
+ u.login = 'NewUser'
+ u.password, u.password_confirmation = "password", "password"
+ assert !u.save
+ assert_equal I18n.translate('activerecord.errors.messages.taken'), u.errors.on(:login)
+ end
+ end
+
 def test_mail_uniqueness_should_not_be_case_sensitive
 u = User.new(:firstname => "new", :lastname => "user", :mail => "newuser@somenet.foo")
 u.login = 'newuser1'
From 022c8addba1714bc47e90747e33533702fcb1ca6 Mon Sep 17 00:00:00 2001
From: Greg Mefford
Date: Sun, 20 Jun 2010 14:30:43 -0500
Subject: [PATCH 2/2] Added case-insensitive fail-over for user login names.
---
 app/models/user.rb | 11 ++++++++++-
 test/unit/user_test.rb | 8 ++++++++
 2 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/app/models/user.rb b/app/models/user.rb
index cfb04d1bddd..5d0254ee1c7 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -96,7 +96,7 @@ def identity_url=(url)
 def self.try_to_login(login, password)
 # Make sure no one can sign in with an empty password
 return nil if password.to_s.empty?
- user = find(:first, :conditions => ["login=?", login])
+ user = find_by_login(login)
 if user
 # user is already in local database
 return nil if !user.active?
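Review bot: Nothing at the `user = find_by_login(login)` call in `try_to_login` says that the returned user's stored login may now differ in case from the typed `login` argument. The rest of the method lies outside this hunk, so it is not visible whether later code keeps using the typed value (for example towards an external auth source or in log entries); that is worth confirming. I would add a comment above the call: `# May match case-insensitively; use user.login, not the typed login, from here on`.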
@@ -222,6 +222,15 @@ def notified_project_ids=(ids)
 notified_projects_ids
 end
+ # case-insensitive fall-over
+ def self.find_by_login(login)
+ # First look for an exact match
+ user = find(:first, :conditions => ["login = ?", login])
+ # Fail over to case-insensitive if none was found
+ user = find(:first, :conditions => ["LOWER(login) = ?", login.to_s.downcase]) if user.nil?
+ return user
+ end
+
 def self.find_by_rss_key(key)
 token = Token.find_by_value(key)
 token && token.user.active? ? token.user : nil
diff --git a/test/unit/user_test.rb b/test/unit/user_test.rb
index 47c7dbe34fd..a72781dc240 100644
--- a/test/unit/user_test.rb
+++ b/test/unit/user_test.rb
@@ -103,6 +103,14 @@ def test_validate
 assert_equal 1, @admin.errors.count
 end
+ context "User#try_to_login" do
+ should "fall-back to case-insensitive if user login is not found as-typed." do
+ user = User.try_to_login("AdMin", "admin")
+ assert_kind_of User, user
+ assert_equal "admin", user.login
+ end
+ end
+
 def test_password
 user = User.try_to_login("admin", "admin")
 assert_kind_of User, user
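Review bot: In `find_by_login` (app/models/user.rb, the `@@ -222` hunk), the fallback `find(:first, :conditions => ["LOWER(login) = ?", ...])` has no ordering and no ambiguity check. If two stored logins differ only in case and neither matches exactly, the account returned is whichever row the database yields first. Since this lookup feeds `try_to_login`, an ambiguous match should resolve to no user: `matches = find(:all, :conditions => ["LOWER(login) = ?", login.to_s.downcase])` followed by `user = matches.first if matches.size == 1`. Defining `self.find_by_login` also takes the place of ActiveRecord's dynamic finder of the same name, so any other caller of `User.find_by_login` (none visible here) silently becomes case-insensitive; a distinct method name would keep that behaviour opt-in.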