Fixes #1703 by downcasing usernames before saving them.

Note: This has the implication that all usernames will now be stored downcased.

Conflicts:

	authentication/app/models/refinery/user.rb
	changelog.md
commit 30c4ef454c88b22c9c880f1f42b965a7cbf03ba5 (1 parent: 6fcbef7)
authored by parndt, committed by ugisozols
14 authentication/app/models/refinery/user.rb
@@ -13,7 +13,8 @@ class User < Refinery::Core::BaseModel
# Include default devise modules. Others available are:
# :token_authenticatable, :confirmable, :lockable and :timeoutable
if self.respond_to?(:devise)
- devise :database_authenticatable, :registerable, :recoverable, :rememberable, :trackable, :validatable, :authentication_keys => [:login]
+ devise :database_authenticatable, :registerable, :recoverable, :rememberable,
+ :trackable, :validatable, :authentication_keys => [:login]
end
# Setup accessible (or protected) attributes for your model
@@ -23,6 +24,7 @@ class User < Refinery::Core::BaseModel
attr_accessible :email, :password, :password_confirmation, :remember_me, :username, :plugins, :login
validates :username, :presence => true, :uniqueness => true
+ before_validation :downcase_username
class << self
# Find user by email or username.
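Review bot: `before_validation :downcase_username` only normalises records that pass through validation from now on; rows saved before this change keep their original case, so `validates :username, :uniqueness => true` will not catch a new `alice` against an existing `Alice` until those rows are downcased by a data migration. A model-level uniqueness validation is also not race-safe (two concurrent requests can both pass it), so a unique database index on `username` is still needed to guarantee the uniqueness the commit message promises.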
@@ -77,7 +79,7 @@ def create_first
save
# add refinery role
add_role(:refinery)
- # add superuser role
+ # add superuser role if there are no other users
add_role(:superuser) if ::Refinery::Role[:refinery].users.count == 1
# add plugins
self.plugins = Refinery::Plugins.registered.in_menu.names
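Review bot: the reworded comment says "if there are no other users", but the condition on the next line checks `::Refinery::Role[:refinery].users.count == 1`, i.e. that this user is the only holder of the refinery role, not that no other users exist; "add superuser role if this is the only user with the refinery role" would describe the check accurately.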
@@ -91,5 +93,13 @@ def to_s
username.to_s
end
+ private
+ # To ensure uniqueness without case sensitivity we first downcase the username.
+ # We do this here and not in SQL is that it will otherwise bypass indexes using LOWER:
+ # SELECT 1 FROM "refinery_users" WHERE LOWER("refinery_users"."username") = LOWER('UsErNAME') LIMIT 1
+ def downcase_username
+ self.username = self.username.downcase if self.username?
+ end
+
end
end
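Review bot: the stored value is now lowercase, but nothing in this diff downcases the login supplied at sign-in, so the lookup used for authentication (`find_for_database_authentication`, see the spec file in this commit) will miss a user who types `UsErNAME` or an email address in mixed case; the supplied login needs the same normalisation, otherwise the change trades a uniqueness bug for a login failure. The explanatory comment is also ungrammatical; suggest: "We do this here rather than in SQL because comparing with LOWER(...) bypasses the index on username:" before the sample query.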
5 authentication/spec/models/refinery/user_spec.rb
@@ -68,6 +68,11 @@ module Refinery
User.create!(attr)
User.new(attr.merge(:email => "another@email.com")).should_not be_valid
end
+
+ it "rejects duplicate usernames regardless of case" do
+ User.create!(attr)
+ User.new(attr.merge(:username => attr[:username].upcase, :email => "another@email.com")).should_not be_valid
+ end
end
describe ".find_for_database_authentication" do
2  changelog.md
@@ -14,6 +14,8 @@
* Fixed dashboard bug where it wasn't producing proper links for nested pages. [#1696](https://github.com/resolve/refinerycms/pull/1696). [Philip Arndt](https://github.com/parndt)
* Match only &dialog, ?dialog, &width, ?width, &height and ?height in dialog querystrings. [#1397](https://github.com/resolve/refinerycms/issues/1397). [Philip Arndt](https://github.com/parndt)
* Added multiple language support (specified by `Refinery::I18n.frontend_locales`) in `Refinery::Page` seeds file. [#1694](https://github.com/resolve/refinerycms/pull/1694). [Ole Reifschneider](https://github.com/Tranquility)
+* Added `Refinery::Page#canonical` support which allows multiple translations to have one canonical version. [Philip Arndt](https://github.com/parndt)
+* Usernames are validated case insensitively to ensure true uniqueness. [#1703](https://github.com/resolve/refinerycms/issues/1703) [Philip Arndt](https://github.com/parndt)
## 2.0.4 [14 May 2012]
* IMPORTANT: Fixed a security issue whereby the user could bypass some access restrictions in the backend. [#1636](https://github.com/resolve/refinerycms/pull/1636). [Rob Yurkowski](https://github.com/robyurkowski) and [Uģis Ozols](https://github.com/ugisozols)
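Review bot: the new changelog entry omits the trailing period after the issue link that the neighbouring entries use, and it does not mention the storage implication the commit message calls out (usernames are now saved downcased, and existing mixed-case rows are unaffected until migrated); people upgrading need that in the changelog, not only in the commit message.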