
Make PasswordsController#create case-insensitive

* Centralize email normalization logic in `User.normalize_email`.
* Implement `User.find_by_normalized_email`.
1 parent 2999c25 commit 028a1cdb60f1e2cb79440ad09c799fe930aa7921 @agraves agraves committed with croaky Feb 12, 2013
@@ -53,7 +53,7 @@ def find_user_by_id_and_confirmation_token
end
def find_user_for_create
- Clearance.configuration.user_model.find_by_email params[:password][:email]
+ Clearance.configuration.user_model.find_by_normalized_email params[:password][:email]
end
def find_user_for_edit
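Review bot: `find_user_for_create` indexes `params[:password][:email]` without checking that `params[:password]` is present, so a request to this action that omits the `password` key raises NoMethodError on nil instead of taking the normal not-found path. Guarding the read, e.g. `email = params[:password] && params[:password][:email]`, and passing `email` to `find_by_normalized_email` keeps that case on the same path as an unknown address, since `normalize_email` already turns nil into an empty string. The call also assumes every configured `user_model` responds to `find_by_normalized_email`; whether custom models without the Clearance user module are supported cannot be seen from this hunk. The surrounding controller class starts and ends outside the hunk.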
@@ -1,5 +1,5 @@
PATH
- remote: /Users/jferris/Source/clearance
+ remote: /Users/croaky/dev/clearance
specs:
clearance (1.0.0.rc4)
bcrypt-ruby
@@ -1,5 +1,5 @@
PATH
- remote: /Users/jferris/Source/clearance
+ remote: /Users/croaky/dev/clearance
specs:
clearance (1.0.0.rc4)
bcrypt-ruby
@@ -1,5 +1,5 @@
PATH
- remote: /Users/jferris/Source/clearance
+ remote: /Users/croaky/dev/clearance
specs:
clearance (1.0.0.rc4)
bcrypt-ruby
@@ -16,12 +16,20 @@ module User
module ClassMethods
def authenticate(email, password)
- if user = find_by_email(email.to_s.downcase)
+ if user = find_by_normalized_email(email)
if user.authenticated? password
return user
end
end
end
+
+ def find_by_normalized_email(email)
+ find_by_email normalize_email(email)
+ end
+
+ def normalize_email(email)
+ email.to_s.downcase.gsub(/\s+/, "")
+ end
end
module Validations
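Review bot: `find_by_normalized_email` normalizes only the supplied value and then calls the exact-match `find_by_email`, so the lookup is case-insensitive only for rows whose stored `email` is already in normalized form. Any record written without the model's normalization step (bulk import, direct SQL, a save that skips callbacks) would be unreachable through both `authenticate` and the password-reset lookup; that may be acceptable, but it should be stated. I would add a comment above the method such as `# Exact match on the normalized form; assumes stored emails were normalized on save.` and one above `normalize_email` noting that it removes all whitespace, including interior spaces, so distinct inputs can collapse onto one stored address. The enclosing `User` module starts and ends outside the hunk.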
@@ -70,7 +78,7 @@ def update_password(new_password)
private
def normalize_email
- self.email = email.to_s.downcase.gsub(/\s+/, "")
+ self.email = self.class.normalize_email(email)
end
def email_optional?
@@ -35,6 +35,20 @@
it { should respond_with(:success) }
end
+ describe 'with correct email address capitalized differently' do
+ before do
+ ActionMailer::Base.deliveries.clear
+ post :create, :password => { :email => @user.email.upcase }
+ end
+
+ it 'should generate a token for the change your password email' do
+ @user.reload.confirmation_token.should_not be_nil
+ end
+
+ it { should have_sent_email.with_subject(/change your password/i) }
+ it { should respond_with(:success) }
+ end
+
describe 'with incorrect email address' do
before do
email = 'user1@example.com'
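Review bot: The new 'with correct email address capitalized differently' context checks only the subject of the reset email, not who receives it. Because the lookup now matches an account whose address differs from the string that was submitted, the spec should pin that the message goes to the stored address rather than the submitted one, for example `it { should have_sent_email.to(@user.email) }` (assuming the matcher's `to` qualifier is available in the version used here). A second context that submits the address with embedded whitespace would cover the other half of `normalize_email`. The enclosing `describe` block starts and ends outside the hunk.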
@@ -49,6 +49,12 @@
should_not be
@user.should_not be_authenticated('bad password')
end
+
+ it 'is retrieved via a case-insensitive search' do
+ (Clearance.configuration.user_model.find_by_normalized_email(@user.email.upcase)).
+ should be
+ @user
+ end
end
describe 'when resetting authentication with reset_remember_token!' do
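Review bot: As laid out here, the expectation in 'is retrieved via a case-insensitive search' ends at `should be`, and `@user` on the following line is a separate expression that is evaluated and discarded, so the example passes for any truthy return value rather than for the expected user. The same shape appears in the 'downcases the address and strips spaces' example in the next hunk, where `'john.doe@example.com'` is never compared, which leaves the normalization rule effectively untested. Putting the expected value on the matcher line fixes both: `Clearance.configuration.user_model.find_by_normalized_email(@user.email.upcase).should == @user` and `Clearance.configuration.user_model.normalize_email(email).should == 'john.doe@example.com'`. The enclosing `describe` block starts outside the hunk.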
@@ -175,6 +181,16 @@ def password_optional?
end
end
+ describe 'email address normalization' do
+ let(:email) { 'Jo hn.Do e @exa mp le.c om' }
+
+ it 'downcases the address and strips spaces' do
+ (Clearance.configuration.user_model.normalize_email(email)).
+ should be
+ 'john.doe@example.com'
+ end
+ end
+
describe 'the password setter on a User' do
let(:password) { 'a-password' }
before { subject.send(:password=, password) }
