mirror of
https://github.com/mastodon/mastodon.git
synced 2024-11-21 12:05:07 +01:00
Make sure email is case insensitive on all places (#3688)
When case insensitivity is enabled via devise's `config.case_insensitive_keys` then `.find_for_authentication` method needs to be used instead of `.find_by` because second mentioned returns `nil` when valid email with different cases is passed. More info https://github.com/plataformatec/devise/wiki/How-To:-Use-case-insensitive-emails
This commit is contained in:
parent
47338bc13d
commit
dcf0530218
@ -27,7 +27,7 @@ class Auth::SessionsController < Devise::SessionsController
|
||||
if session[:otp_user_id]
|
||||
User.find(session[:otp_user_id])
|
||||
elsif user_params[:email]
|
||||
User.find_by(email: user_params[:email])
|
||||
User.find_for_authentication(email: user_params[:email])
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -65,6 +65,20 @@ RSpec.describe Auth::SessionsController, type: :controller do
|
||||
end
|
||||
end
|
||||
|
||||
context 'using email with uppercase letters' do
|
||||
before do
|
||||
post :create, params: { user: { email: user.email.upcase, password: user.password } }
|
||||
end
|
||||
|
||||
it 'redirects to home' do
|
||||
expect(response).to redirect_to(root_path)
|
||||
end
|
||||
|
||||
it 'logs the user in' do
|
||||
expect(controller.current_user).to eq user
|
||||
end
|
||||
end
|
||||
|
||||
context 'using an invalid password' do
|
||||
before do
|
||||
post :create, params: { user: { email: user.email, password: 'wrongpw' } }
|
||||
@ -129,6 +143,26 @@ RSpec.describe Auth::SessionsController, type: :controller do
|
||||
return codes
|
||||
end
|
||||
|
||||
context 'using email and password' do
|
||||
before do
|
||||
post :create, params: { user: { email: user.email, password: user.password } }
|
||||
end
|
||||
|
||||
it 'renders two factor authentication page' do
|
||||
expect(controller).to render_template("two_factor")
|
||||
end
|
||||
end
|
||||
|
||||
context 'using upcase email and password' do
|
||||
before do
|
||||
post :create, params: { user: { email: user.email.upcase, password: user.password } }
|
||||
end
|
||||
|
||||
it 'renders two factor authentication page' do
|
||||
expect(controller).to render_template("two_factor")
|
||||
end
|
||||
end
|
||||
|
||||
context 'using a valid OTP' do
|
||||
before do
|
||||
post :create, params: { user: { otp_attempt: user.current_otp } }, session: { otp_user_id: user.id }
|
||||
|
Loading…
Reference in New Issue
Block a user