feat(login): trim email on login

AEGEE · Mar 26, 2020 · fee9268 · fee9268
1 parent 49d403e
commit fee9268
Show file tree

Hide file tree

Showing 2 changed files with 58 additions and 2 deletions.
diff --git a/middlewares/login.js b/middlewares/login.js
@@ -5,11 +5,13 @@ const { Sequelize } = require('../lib/sequelize');
 const errors = require('../lib/errors');
 
 module.exports.login = async (req, res) => {
+    const username = (req.body.username || '').trim();
+
     const user = await User.scope('withPassword').findOne({
         where: {
             [Sequelize.Op.or]: {
-                email: req.body.username,
-                username: req.body.username
+                email: username,
+                username
             }
         }
     });

diff --git a/test/api/authorization.test.js b/test/api/authorization.test.js
@@ -50,6 +50,24 @@ describe('Authorization', () => {
         expect(res.body).toHaveProperty('message');
     });
 
+    test('should fail if email is empty', async () => {
+        await generator.createUser();
+        const res = await request({
+            uri: '/login/',
+            method: 'POST',
+            headers: { 'X-Auth-Token': 'blablabla' },
+            body: {
+                username: '',
+                password: 'test2'
+            }
+        });
+
+        expect(res.statusCode).toEqual(401);
+        expect(res.body.success).toEqual(false);
+        expect(res.body).not.toHaveProperty('data');
+        expect(res.body).toHaveProperty('message');
+    });
+
     test('should fail if the email is not confirmed', async () => {
         const user = await generator.createUser({ password: 'testtest', mail_confirmed_at: null });
         const res = await request({
@@ -85,4 +103,40 @@ describe('Authorization', () => {
         expect(res.body).toHaveProperty('data');
         expect(res.body).not.toHaveProperty('errors');
     });
+
+    test('should find by username', async () => {
+        await generator.createUser({ password: 'testtest', username: 'admin' });
+        const res = await request({
+            uri: '/login/',
+            method: 'POST',
+            headers: { 'X-Auth-Token': 'blablabla' },
+            body: {
+                username: 'admin',
+                password: 'testtest'
+            }
+        });
+
+        expect(res.statusCode).toEqual(200);
+        expect(res.body.success).toEqual(true);
+        expect(res.body).toHaveProperty('data');
+        expect(res.body).not.toHaveProperty('errors');
+    });
+
+    test('should find user when trimming', async () => {
+        const user = await generator.createUser({ password: 'testtest' });
+        const res = await request({
+            uri: '/login/',
+            method: 'POST',
+            headers: { 'X-Auth-Token': 'blablabla' },
+            body: {
+                username: '\t\t   \t\t    \t' + user.email + '\t\t   \t\t    \t',
+                password: 'testtest'
+            }
+        });
+
+        expect(res.statusCode).toEqual(200);
+        expect(res.body.success).toEqual(true);
+        expect(res.body).toHaveProperty('data');
+        expect(res.body).not.toHaveProperty('errors');
+    });
 });