Make PasswordsController#create case-insensitive

* Centralize email normalization logic in `User.normalize_email`. * Implement `User.find_by_normalized_email`.
thoughtbot · Feb 22, 2013 · 028a1cd · 028a1cd
1 parent 2999c25
commit 028a1cd
Show file tree

Hide file tree

Showing 7 changed files with 44 additions and 6 deletions.
diff --git a/app/controllers/clearance/passwords_controller.rb b/app/controllers/clearance/passwords_controller.rb
@@ -53,7 +53,7 @@ def find_user_by_id_and_confirmation_token
   end
 
   def find_user_for_create
-    Clearance.configuration.user_model.find_by_email params[:password][:email]
+    Clearance.configuration.user_model.find_by_normalized_email params[:password][:email]
   end
 
   def find_user_for_edit

diff --git a/gemfiles/3.0.20.gemfile.lock b/gemfiles/3.0.20.gemfile.lock
@@ -1,5 +1,5 @@
 PATH
-  remote: /Users/jferris/Source/clearance
+  remote: /Users/croaky/dev/clearance
   specs:
     clearance (1.0.0.rc4)
       bcrypt-ruby

diff --git a/gemfiles/3.1.11.gemfile.lock b/gemfiles/3.1.11.gemfile.lock
@@ -1,5 +1,5 @@
 PATH
-  remote: /Users/jferris/Source/clearance
+  remote: /Users/croaky/dev/clearance
   specs:
     clearance (1.0.0.rc4)
       bcrypt-ruby

diff --git a/gemfiles/3.2.12.gemfile.lock b/gemfiles/3.2.12.gemfile.lock
@@ -1,5 +1,5 @@
 PATH
-  remote: /Users/jferris/Source/clearance
+  remote: /Users/croaky/dev/clearance
   specs:
     clearance (1.0.0.rc4)
       bcrypt-ruby

diff --git a/lib/clearance/user.rb b/lib/clearance/user.rb
@@ -16,12 +16,20 @@ module User
 
     module ClassMethods
       def authenticate(email, password)
-        if user = find_by_email(email.to_s.downcase)
+        if user = find_by_normalized_email(email)
           if user.authenticated? password
             return user
           end
         end
       end
+
+      def find_by_normalized_email(email)
+        find_by_email normalize_email(email)
+      end
+
+      def normalize_email(email)
+        email.to_s.downcase.gsub(/\s+/, "")
+      end
     end
 
     module Validations
@@ -70,7 +78,7 @@ def update_password(new_password)
     private
 
     def normalize_email
-      self.email = email.to_s.downcase.gsub(/\s+/, "")
+      self.email = self.class.normalize_email(email)
     end
 
     def email_optional?

diff --git a/spec/controllers/passwords_controller_spec.rb b/spec/controllers/passwords_controller_spec.rb
@@ -35,6 +35,20 @@
         it { should respond_with(:success) }
       end
 
+      describe 'with correct email address capitalized differently' do
+        before do
+          ActionMailer::Base.deliveries.clear
+          post :create, :password => { :email => @user.email.upcase }
+        end
+
+        it 'should generate a token for the change your password email' do
+          @user.reload.confirmation_token.should_not be_nil
+        end
+
+        it { should have_sent_email.with_subject(/change your password/i) }
+        it { should respond_with(:success) }
+      end
+
       describe 'with incorrect email address' do
         before do
           email = 'user1@example.com'

diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
@@ -49,6 +49,12 @@
         should_not be
       @user.should_not be_authenticated('bad password')
     end
+
+    it 'is retrieved via a case-insensitive search' do
+      (Clearance.configuration.user_model.find_by_normalized_email(@user.email.upcase)).
+        should be
+      @user
+    end
   end
 
   describe 'when resetting authentication with reset_remember_token!' do
@@ -175,6 +181,16 @@ def password_optional?
     end
   end
 
+  describe 'email address normalization' do
+    let(:email) { 'Jo hn.Do e @exa mp le.c om' }
+
+    it 'downcases the address and strips spaces' do
+      (Clearance.configuration.user_model.normalize_email(email)).
+        should be
+      'john.doe@example.com'
+    end
+  end
+
   describe 'the password setter on a User' do
     let(:password) { 'a-password' }
     before { subject.send(:password=, password) }