diff options
author | René Klačan <rene@klacan.sk> | 2017-06-11 02:29:08 +0200 |
---|---|---|
committer | Eugen Rochko <eugen@zeonfederated.com> | 2017-06-11 02:29:08 +0200 |
commit | dcf0530218c60ff079ca38d7d3707ac80bde7f97 (patch) | |
tree | 97ac2de5c3f9c4a3cd765644c598c818b8a27a95 | |
parent | 47338bc13d6a528ada2840431e8115ea91a948a5 (diff) |
Make sure email is case insensitive on all places (#3688)
When case insensitivity is enabled via devise's `config.case_insensitive_keys` then `.find_for_authentication` method needs to be used instead of `.find_by` because second mentioned returns `nil` when valid email with different cases is passed. More info https://github.com/plataformatec/devise/wiki/How-To:-Use-case-insensitive-emails
-rw-r--r-- | app/controllers/auth/sessions_controller.rb | 2 | ||||
-rw-r--r-- | spec/controllers/auth/sessions_controller_spec.rb | 34 |
2 files changed, 35 insertions, 1 deletions
diff --git a/app/controllers/auth/sessions_controller.rb b/app/controllers/auth/sessions_controller.rb index 79e3da5f9..bc3bd2f4b 100644 --- a/app/controllers/auth/sessions_controller.rb +++ b/app/controllers/auth/sessions_controller.rb @@ -27,7 +27,7 @@ class Auth::SessionsController < Devise::SessionsController if session[:otp_user_id] User.find(session[:otp_user_id]) elsif user_params[:email] - User.find_by(email: user_params[:email]) + User.find_for_authentication(email: user_params[:email]) end end diff --git a/spec/controllers/auth/sessions_controller_spec.rb b/spec/controllers/auth/sessions_controller_spec.rb index 525b8254d..06fdbaabc 100644 --- a/spec/controllers/auth/sessions_controller_spec.rb +++ b/spec/controllers/auth/sessions_controller_spec.rb @@ -65,6 +65,20 @@ RSpec.describe Auth::SessionsController, type: :controller do end end + context 'using email with uppercase letters' do + before do + post :create, params: { user: { email: user.email.upcase, password: user.password } } + end + + it 'redirects to home' do + expect(response).to redirect_to(root_path) + end + + it 'logs the user in' do + expect(controller.current_user).to eq user + end + end + context 'using an invalid password' do before do post :create, params: { user: { email: user.email, password: 'wrongpw' } } @@ -129,6 +143,26 @@ RSpec.describe Auth::SessionsController, type: :controller do return codes end + context 'using email and password' do + before do + post :create, params: { user: { email: user.email, password: user.password } } + end + + it 'renders two factor authentication page' do + expect(controller).to render_template("two_factor") + end + end + + context 'using upcase email and password' do + before do + post :create, params: { user: { email: user.email.upcase, password: user.password } } + end + + it 'renders two factor authentication page' do + expect(controller).to render_template("two_factor") + end + end + context 'using a valid OTP' do before do post :create, params: { user: { otp_attempt: user.current_otp } }, session: { otp_user_id: user.id } |