
Make sure email is case insensitive on all places (#3688)

When case insensitivity is enabled via Devise's `config.case_insensitive_keys`, the `.find_for_authentication` method needs to be used instead of `.find_by`, because the latter returns `nil` when a valid email is passed with different letter case.

More info https://github.com/plataformatec/devise/wiki/How-To:-Use-case-insensitive-emails
closed-social-v3
René Klačan 7 years ago
committed by Eugen Rochko
parent
commit
dcf0530218
2 changed files with 35 additions and 1 deletions
  1. +1
    -1
      app/controllers/auth/sessions_controller.rb
  2. +34
    -0
      spec/controllers/auth/sessions_controller_spec.rb

+ 1
- 1
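--- a/app/controllers/auth/sessions_controller.rb
+++ b/app/controllers/auth/sessions_controller.rb
@@ -27,7 +27,7 @@ class Auth::SessionsController < Devise::SessionsController
 if session[:otp_user_id]
 User.find(session[:otp_user_id])
 elsif user_params[:email]
-User.find_by(email: user_params[:email])
+User.find_for_authentication(email: user_params[:email])
 end
 end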
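Review bot: The new `User.find_for_authentication(email: user_params[:email])` line in the `elsif` branch has no comment saying why the Devise finder is required, so a later cleanup could quietly swap it back to `find_by`. Judging by the spec added in this commit, this lookup decides whether the two-factor page is shown. If it returns `nil` for an address that Devise itself would accept, the OTP step would presumably not be triggered; the caller is outside the hunk, so that needs confirming. I would add above the line: `# Look the user up with the same key normalisation Devise applies at sign-in (case_insensitive_keys); a plain find_by can miss the account and the OTP prompt with it.` The enclosing method starts above the hunk.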

+ 34
- 0
spec/controllers/auth/sessions_controller_spec.rb View File

@ -65,6 +65,20 @@ RSpec.describe Auth::SessionsController, type: :controller do
end
end
context 'using email with uppercase letters' do
before do
post :create, params: { user: { email: user.email.upcase, password: user.password } }
end
it 'redirects to home' do
expect(response).to redirect_to(root_path)
end
it 'logs the user in' do
expect(controller.current_user).to eq user
end
end
context 'using an invalid password' do
before do
post :create, params: { user: { email: user.email, password: 'wrongpw' } }
@ -129,6 +143,26 @@ RSpec.describe Auth::SessionsController, type: :controller do
return codes
end
context 'using email and password' do
before do
post :create, params: { user: { email: user.email, password: user.password } }
end
it 'renders two factor authentication page' do
expect(controller).to render_template("two_factor")
end
end
context 'using upcase email and password' do
before do
post :create, params: { user: { email: user.email.upcase, password: user.password } }
end
it 'renders two factor authentication page' do
expect(controller).to render_template("two_factor")
end
end
context 'using a valid OTP' do
before do
post :create, params: { user: { otp_attempt: user.current_otp } }, session: { otp_user_id: user.id }
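Review bot: The two new two-factor contexts, 'using email and password' and 'using upcase email and password', assert only `render_template("two_factor")`. That does not pin the property this fix protects, namely that no session exists before the OTP is checked. Assuming the controller halts before sign-in on this path, each context could also assert `expect(controller.current_user).to be_nil`, so a regression where the page renders but the user is already signed in would fail the spec. The enclosing `describe` block and the 'using a valid OTP' context continue outside the hunk.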
