Skip to content

Commit

Permalink
Merge pull request #396 from jvlcek/bz1590398_mixed_case_userid
Browse files Browse the repository at this point in the history 
Ignore case of the userid when validating it.
  • Loading branch information
@abellotti
abellotti authored Jun 21, 2018
2 parents f0d2a2f + 4349932 commit 956c0d5
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 8 deletions.
2 changes: 1 addition & 1 deletion lib/services/api/user_token_service.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -75,7 +75,7 @@ def log_init(mod, name, options)
end

def validate_userid(userid)
raise "Invalid userid #{userid} specified" unless User.exists?(:userid => userid)
raise "Invalid userid #{userid} specified" unless User.in_my_region.where('lower(userid) = ?', userid.downcase).exists?
end
end
end
20 changes: 13 additions & 7 deletions spec/lib/services/api/user_token_service_spec.rb
View file
Original file line number Diff line number Diff line change
@@ -1,13 +1,13 @@
RSpec.describe Api::UserTokenService do
describe ".generate_token" do
before do
@user = FactoryGirl.create(:user_with_group)
end
before do
@user = FactoryGirl.create(:user_with_group)
end

let(:user_token_service) { described_class.new }
let(:token) { user_token_service.generate_token(@user.userid.capitalize, 'api', :token_ttl => token_ttl) }
let(:token_info) { user_token_service.token_mgr('api').token_get_info(token) }
let(:user_token_service) { described_class.new }
let(:token) { user_token_service.generate_token(@user.userid.capitalize, 'api', :token_ttl => token_ttl) }
let(:token_info) { user_token_service.token_mgr('api').token_get_info(token) }

describe ".generate_token" do
context "without token_ttl set" do
let(:token_ttl) { nil }

Expand All @@ -24,4 +24,10 @@
end
end
end

describe ".validate_userid" do
it "ignores the case of the userid" do
expect { user_token_service.send(:validate_userid, @user.userid.capitalize) }.not_to raise_error
end
end
end

0 comments on commit 956c0d5

Please sign in to comment.