Strip whitespace from username/login value for user lookup

As per the discussion with @psimyn, this change does not affect the frontend, so user input will not be validated on the signin screen. Instead, the value sent to the backend has leading and trailing whitespace stripped before looking up the user with find_by. Closes #42637
author: Peter Lauck <griest024@gmail.com> 2018-02-13 10:21:42 +0300
committer: Peter Lauck <griest024@gmail.com> 2018-02-13 10:21:51 +0300
commit: eddf4c0f6cb6125a30cbc2528a468d2c3d5a48e0 (patch)
tree: 77d00e2c503730aa398d888b6edd5ad30ed0d8d3 /app/models/user.rb
parent: 201f53e96d26d4babfc6a4492576f873219d4e6f (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/app/models/user.rb b/app/models/user.rb
index 4097fe2b5dc..5e84d2da805 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -249,7 +249,7 @@ class User < ActiveRecord::Base
     def find_for_database_authentication(warden_conditions)
       conditions = warden_conditions.dup
       if login = conditions.delete(:login)
-        where(conditions).find_by("lower(username) = :value OR lower(email) = :value", value: login.downcase)
+        where(conditions).find_by("lower(username) = :value OR lower(email) = :value", value: login.downcase.strip)
       else
         find_by(conditions)
       end
author	Peter Lauck <griest024@gmail.com>	2018-02-13 10:21:42 +0300
committer	Peter Lauck <griest024@gmail.com>	2018-02-13 10:21:51 +0300
commit	eddf4c0f6cb6125a30cbc2528a468d2c3d5a48e0 (patch)
tree	77d00e2c503730aa398d888b6edd5ad30ed0d8d3 /app/models/user.rb
parent	201f53e96d26d4babfc6a4492576f873219d4e6f (diff)