Commit 7bd21d78 authored by maeda's avatar maeda

Fix: Strip whitespace from email addresses on lost password page (#27754).

Patch by Felix Schäfer.


git-svn-id: https://svn.redmine.org/redmine/trunk@17078 e93f8b46-1217-0410-a6f0-8f06a7374b81
parent f1b67313
......@@ -98,7 +98,7 @@ class AccountController < ApplicationController
return
else
if request.post?
email = params[:mail].to_s
email = params[:mail].to_s.strip
user = User.find_by_mail(email)
# user not found
unless user
......
......@@ -385,6 +385,21 @@ class AccountControllerTest < Redmine::ControllerTest
end
end
def test_lost_password_with_whitespace_should_send_email_to_the_address
Token.delete_all
assert_difference 'ActionMailer::Base.deliveries.size' do
assert_difference 'Token.count' do
post :lost_password, params: {
mail: ' JSmith@somenet.foo '
}
assert_redirected_to '/login'
end
end
mail = ActionMailer::Base.deliveries.last
assert_equal ['jsmith@somenet.foo'], mail.bcc
end
def test_lost_password_using_additional_email_address_should_send_email_to_the_address
EmailAddress.create!(:user_id => 2, :address => 'anotherAddress@foo.bar')
Token.delete_all
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment