cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

SessionsController: strip username

Browse source
This commit is contained in:
Simon Legner 2024-02-11 21:20:27 +01:00
parent 90fd22e2a3
commit a0aef5c722
2 changed files with 9 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
app/controllers/sessions_controller.rb
View file

@ -20,7 +20,7 @@ class SessionsController < ApplicationController
def create
session[:remember_me] ||= params[:remember_me]
session[:referer] = safe_referer(params[:referer]) if params[:referer]
password_authentication(params[:username], params[:password])
password_authentication(params[:username].strip, params[:password])
end
def destroy

8
test/controllers/sessions_controller_test.rb
View file

@ -48,6 +48,14 @@ class SessionsControllerTest < ActionDispatch::IntegrationTest
post login_path, :params => { :username => user.display_name, :password => "test" }
assert_response :redirect
assert_redirected_to root_path
post login_path, :params => { :username => " #{user.display_name}", :password => "test" }
assert_response :redirect
assert_redirected_to root_path
post login_path, :params => { :username => "#{user.display_name} ", :password => "test" }
assert_response :redirect
assert_redirected_to root_path
end
def test_logout_without_referer