avoids conflicts with users using email as username

2017-06-12 18:54:39 +02:00
parent 3f11dbe1d5
commit ed30051653
2 changed files with 84 additions and 36 deletions
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -292,7 +292,8 @@ class User < ActiveRecord::Base
  def self.find_for_database_authentication(warden_conditions)
    conditions = warden_conditions.dup
    if login = conditions.delete(:login)
-      where(conditions.to_hash).where(["lower(email) = ? OR username = ?", login.downcase, login]).first
+      where(conditions.to_hash).where(["lower(email) = ?", login.downcase]).first ||
+      where(conditions.to_hash).where(["username = ?", login]).first
    elsif conditions.has_key?(:username) || conditions.has_key?(:email)
      where(conditions.to_hash).first
    end
--- a/spec/features/users_auth_spec.rb
+++ b/spec/features/users_auth_spec.rb
@@ -3,55 +3,102 @@ require 'rails_helper'
 feature 'Users' do

  context 'Regular authentication' do
-    scenario 'Sign up' do
-      visit '/'
-      click_link 'Register'
+    context 'Sign up' do

-      fill_in 'user_username',              with: 'Manuela Carmena'
-      fill_in 'user_email',                 with: 'manuela@consul.dev'
-      fill_in 'user_password',              with: 'judgementday'
-      fill_in 'user_password_confirmation', with: 'judgementday'
-      check 'user_terms_of_service'
+      scenario 'Success' do
+        visit '/'
+        click_link 'Register'

-      click_button 'Register'
+        fill_in 'user_username',              with: 'Manuela Carmena'
+        fill_in 'user_email',                 with: 'manuela@consul.dev'
+        fill_in 'user_password',              with: 'judgementday'
+        fill_in 'user_password_confirmation', with: 'judgementday'
+        check 'user_terms_of_service'

-      expect(page).to have_content "You have been sent a message containing a verification link. Please click on this link to activate your account."
+        click_button 'Register'

-      confirm_email
+        expect(page).to have_content "You have been sent a message containing a verification link. Please click on this link to activate your account."
+
+        confirm_email
+
+        expect(page).to have_content "Your account has been confirmed."
+      end
+
+      scenario 'Errors on sign up' do
+        visit '/'
+        click_link 'Register'
+        click_button 'Register'
+
+        expect(page).to have_content error_message
+      end

-      expect(page).to have_content "Your account has been confirmed."
    end

-    scenario 'Errors on sign up' do
-      visit '/'
-      click_link 'Register'
-      click_button 'Register'
+    context 'Sign in' do

-      expect(page).to have_content error_message
-    end
+      scenario 'sign in with email' do
+        create(:user, email: 'manuela@consul.dev', password: 'judgementday')

-    scenario 'Sign in' do
-      create(:user, email: 'manuela@consul.dev', password: 'judgementday')
+        visit '/'
+        click_link 'Sign in'
+        fill_in 'user_login',    with: 'manuela@consul.dev'
+        fill_in 'user_password', with: 'judgementday'
+        click_button 'Enter'

-      visit '/'
-      click_link 'Sign in'
-      fill_in 'user_login',    with: 'manuela@consul.dev'
-      fill_in 'user_password', with: 'judgementday'
-      click_button 'Enter'
+        expect(page).to have_content 'You have been signed in successfully.'
+      end

-      expect(page).to have_content 'You have been signed in successfully.'
-    end
+      scenario 'Sign in with username' do
+        create(:user, username: '👻👽👾🤖', email: 'ash@nostromo.dev', password: 'xenomorph')

-    scenario 'Sign in with username' do
-      create(:user, username: 'larry', email: 'manuela@consul.dev', password: 'judgementday')
+        visit '/'
+        click_link 'Sign in'
+        fill_in 'user_login',    with: '👻👽👾🤖'
+        fill_in 'user_password', with: 'xenomorph'
+        click_button 'Enter'

-      visit '/'
-      click_link 'Sign in'
-      fill_in 'user_login',    with: 'larry'
-      fill_in 'user_password', with: 'judgementday'
-      click_button 'Enter'
+        expect(page).to have_content 'You have been signed in successfully.'
+      end

-      expect(page).to have_content 'You have been signed in successfully.'
+      scenario 'Avoid username-email collisions' do
+        u1 = create(:user, username: 'Spidey', email: 'peter@nyc.dev', password: 'greatpower')
+        u2 = create(:user, username: 'peter@nyc.dev', email: 'venom@nyc.dev', password: 'symbiote')
+
+        visit '/'
+        click_link 'Sign in'
+        fill_in 'user_login',    with: 'peter@nyc.dev'
+        fill_in 'user_password', with: 'greatpower'
+        click_button 'Enter'
+
+        expect(page).to have_content 'You have been signed in successfully.'
+
+        visit account_path
+
+        expect(page).to have_link 'My activity', href: user_path(u1)
+
+        visit '/'
+        click_link 'Sign out'
+
+        expect(page).to have_content 'You have been signed out successfully.'
+
+        click_link 'Sign in'
+        fill_in 'user_login',    with: 'peter@nyc.dev'
+        fill_in 'user_password', with: 'symbiote'
+        click_button 'Enter'
+
+        expect(page).to_not have_content 'You have been signed in successfully.'
+        expect(page).to have_content 'Invalid login or password.'
+
+        fill_in 'user_login',    with: 'venom@nyc.dev'
+        fill_in 'user_password', with: 'symbiote'
+        click_button 'Enter'
+
+        expect(page).to have_content 'You have been signed in successfully.'
+
+        visit account_path
+
+        expect(page).to have_link 'My activity', href: user_path(u2)
+      end
    end
  end