From 77a34278ca697ac47ce451959d7f8c2774d5188a Mon Sep 17 00:00:00 2001
From: Tom Hughes
Date: Thu, 23 Apr 2009 23:46:45 +0000
Subject: [PATCH] Backout broken attempt at making case insensitive authentication work on Postgres. As implemented this forces a table scan to authenticate users which is ridiculous to save people pressing the shift key.
---
 app/models/user.rb | 8 +----
 test/fixtures/users.yml | 4 +--
 test/functional/user_controller_test.rb | 40 +------------------------
 3 files changed, 3 insertions(+), 49 deletions(-)
diff --git a/app/models/user.rb b/app/models/user.rb
index 5a277c9b4..4113662aa 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -42,13 +42,7 @@ class User < ActiveRecord::Base
 def self.authenticate(options)
 if options[:username] and options[:password]
- environment = Rails.configuration.environment
- adapter = Rails.configuration.database_configuration[environment]["adapter"]
- if adapter == "postgresql"
- user = find(:first, :conditions => ["email ILIKE ? OR display_name ILIKE ?", options[:username], options[:username]])
- else
- user = find(:first, :conditions => ["email = ? OR display_name = ?", options[:username], options[:username]])
- end
+ user = find(:first, :conditions => ["email = ? OR display_name = ?", options[:username], options[:username]])
 user = nil if user and user.pass_crypt != OSM::encrypt_password(options[:password], user.pass_salt)
 elsif options[:token]
 token = UserToken.find(:first, :include => :user, :conditions => ["user_tokens.token = ?", options[:token]])
diff --git a/test/fixtures/users.yml b/test/fixtures/users.yml
index 873940761..46f8885d9 100644
--- a/test/fixtures/users.yml
+++ b/test/fixtures/users.yml
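Review bot: The restored lookup `email = ? OR display_name = ?` can match two different rows (one account's display name equal to another account's email), and `find(:first)` has no `:order`, so the password on the following line is checked against whichever row the database happens to return first. Whether validations elsewhere stop a display name from looking like an email address is not visible in this hunk. If they do not, check every candidate rather than only the first, e.g. `user = find(:all, :conditions => conds).find { |u| u.pass_crypt == OSM::encrypt_password(options[:password], u.pass_salt) }` where `conds` is the same conditions array. The body of `self.authenticate` continues past the end of the hunk.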
@@ -1,9 +1,7 @@
 # Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html
-# The normal user's email is intentionally capitalised that way to
-# check that the login is case insensitive
 normal_user:
 id: 1
- email: test@OpenStreetMap.org
+ email: test@openstreetmap.org
 active: true
 pass_crypt: <%= Digest::MD5.hexdigest('test') %>
 creation_time: "2007-01-01 00:00:00"
diff --git a/test/functional/user_controller_test.rb b/test/functional/user_controller_test.rb
index e9744e7bf..d68f1f883 100644
--- a/test/functional/user_controller_test.rb
+++ b/test/functional/user_controller_test.rb
@@ -7,7 +7,6 @@ class UserControllerTest < ActionController::TestCase
 def test_user_create
 get :new
 assert_response :success
- assert_template 'new'
 assert_select "html:root", :count => 1 do
 assert_select "head", :count => 1 do
@@ -42,45 +41,8 @@ class UserControllerTest < ActionController::TestCase
 get :api_details
 assert_response :unauthorized
- # Private users can login and get the api details
- usr = users(:normal_user)
- basic_authorization(usr.email, "test")
+ basic_authorization(users(:normal_user).email, "test")
 get :api_details
 assert_response :success
- # Now check the content of the XML returned
- print @response.body
- assert_select "osm:root[version=#{API_VERSION}][generator='#{GENERATOR}']", :count => 1 do
- assert_select "user[display_name='#{usr.display_name}'][account_created='#{usr.creation_time.xmlschema}']", :count => 1 do
- assert_select "home[lat='#{usr.home_lat}'][lon='#{usr.home_lon}'][zoom='#{usr.home_zoom}']", :count => 1
- end
- end
-
- end
-
- # Check that we can login through the web using the mixed case fixture,
- # lower case and upper case
- def test_user_login_web_case
- login_web_case_ok users(:normal_user).email, "test"
- login_web_case_ok users(:normal_user).email.upcase, "test"
- login_web_case_ok users(:normal_user).email.downcase, "test"
- end
-
- def login_web_case_ok(userstring, password)
- post :login, :user => {:email => userstring, :password => password}
- assert_redirected_to :controller => 'site', :action => 'index'
- end
-
- # Check that we can login to the api, and get the user details
- # using the mixed case fixture, lower case and upper case
- def test_user_login_api_case
- login_api_case_ok users(:normal_user).email, "test"
- login_api_case_ok users(:normal_user).email.upcase, "test"
- login_api_case_ok users(:normal_user).email.downcase, "test"
- end
-
- def login_api_case_ok(userstring, password)
- basic_authorization(userstring, password)
- get :api_details
- assert :success
 end
 end
-- 
2.43.2
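Review bot: With the case tests removed, nothing here records how a login whose case differs from the stored email is meant to be treated, and the only check left after `basic_authorization(users(:normal_user).email, "test")` is `assert_response :success`. Since the model now compares with plain `=`, the outcome presumably follows the database collation and so may differ between adapters. A short comment above the call would keep the next reader from reintroducing the ILIKE lookup, for example `# login is matched exactly as stored; case handling follows the database collation`. The enclosing test method starts above the hunk.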