From 01085249abeed47f56d13434f47f11bccca0fb40 Mon Sep 17 00:00:00 2001
From: Go MAEDA
Date: Fri, 8 Dec 2017 08:27:27 +0000
Subject: [PATCH] Fix: Strip whitespace from email addresses on lost password page (#27754).
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Patch by Felix Schäfer.
git-svn-id: http://svn.redmine.org/redmine/trunk@17078 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/controllers/account_controller.rb | 2 +-
 test/functional/account_controller_test.rb | 15 +++++++++++++++
 2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb
index 7f51343dd..d6e1da885 100644
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -98,7 +98,7 @@ class AccountController < ApplicationController
 return
 else
 if request.post?
- email = params[:mail].to_s
+ email = params[:mail].to_s.strip
 user = User.find_by_mail(email)
 # user not found
 unless user
diff --git a/test/functional/account_controller_test.rb b/test/functional/account_controller_test.rb
index 7850a9a0d..d25a00331 100644
--- a/test/functional/account_controller_test.rb
+++ b/test/functional/account_controller_test.rb
@@ -385,6 +385,21 @@ class AccountControllerTest < Redmine::ControllerTest
 end
 end
+ def test_lost_password_with_whitespace_should_send_email_to_the_address
+ Token.delete_all
+
+ assert_difference 'ActionMailer::Base.deliveries.size' do
+ assert_difference 'Token.count' do
+ post :lost_password, params: {
+ mail: ' JSmith@somenet.foo '
+ }
+ assert_redirected_to '/login'
+ end
+ end
+ mail = ActionMailer::Base.deliveries.last
+ assert_equal ['jsmith@somenet.foo'], mail.bcc
+ end
+
 def test_lost_password_using_additional_email_address_should_send_email_to_the_address
 EmailAddress.create!(:user_id => 2, :address => 'anotherAddress@foo.bar')
 Token.delete_all
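Review bot: `String#strip` on the new `email = params[:mail].to_s.strip` line in app/controllers/account_controller.rb does not remove Unicode spaces such as U+00A0, so an address pasted with a non-breaking space still fails `User.find_by_mail(email)` and lands in the `unless user` branch. If that case matters, `email = params[:mail].to_s.gsub(/\A[[:space:]]+|[[:space:]]+\z/, '')` covers it. A short comment that the normalised value is used only to look up the account, and that the reset message should go to the address stored on the user rather than to the submitted string, would also help. The enclosing action (the test posts to `lost_password`) starts and ends outside the hunk, so how the mail is addressed cannot be confirmed from here.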
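Review bot: The new test in test/functional/account_controller_test.rb pads the address with plain spaces only, so it would still pass if the controller trimmed nothing but U+0020; a second `post` with `mail: "\tJSmith@somenet.foo\n"` would pin tab and newline padding as well. The final assertion is the security-relevant one, because it shows the message going to what is presumably the stored fixture address rather than to the submitted string. A comment such as `# recipient is the stored address, not the submitted value` above `assert_equal ['jsmith@somenet.foo'], mail.bcc` would keep that intent visible to later maintainers.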