From ceec5084af803c3c4b17178b581d1248c377dfb8 Mon Sep 17 00:00:00 2001
From: Steffen van Bergerem
Date: Sun, 17 May 2015 21:55:46 +0200
Subject: [PATCH] Use case insensitive unconfirmed email
closes #5967
---
 Changelog.md | 1 +
 app/controllers/users_controller.rb | 2 +-
 app/models/user.rb | 5 ++---
 config/initializers/devise.rb | 4 ++--
 spec/models/user_spec.rb | 16 +++++++++++-----
 5 files changed, 17 insertions(+), 11 deletions(-)
diff --git a/Changelog.md b/Changelog.md
index d1deb89dd..877376fd1 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -32,6 +32,7 @@
 * Fix fetching for public post while Webfingering [#5958](https://github.com/diaspora/diaspora/pull/5958)
 * Handle empty searchable in HCard gracefully [#5962](https://github.com/diaspora/diaspora/pull/5962)
 * Fix a freeze in new post parsing [#5965](https://github.com/diaspora/diaspora/pull/5965)
+* Add case insensitive unconfirmed email addresses as authentication key [#5967](https://github.com/diaspora/diaspora/pull/5967)
 ## Features
 * Hide post title of limited post in comment notification email [#5843](https://github.com/diaspora/diaspora/pull/5843)
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 00932312a..eaa03b62b 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -56,7 +56,7 @@ class UsersController < ApplicationController
 elsif u[:email]
 @user.unconfirmed_email = u[:email]
 if @user.save
- @user.mail_confirm_email == @user.email
+ @user.send_confirm_email
 if @user.unconfirmed_email
 flash[:notice] = I18n.t 'users.update.unconfirmed_email_changed'
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index de6cc79df..a2a5faabb 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
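Review bot: In the `UsersController` hunk, `@user.send_confirm_email` runs before the `if @user.unconfirmed_email` check, so whether a confirmation mail is queued depends on the blank guard inside `User#send_confirm_email` rather than on the condition the controller already has. Moving the call inside that block, directly under `if @user.unconfirmed_email` and before the `flash[:notice]` line, keeps the mail and the notice under one condition. The address comes from the request (`u[:email]`), and nothing visible in this hunk limits how often a confirmation mail can be queued; the action's filters are outside the hunk, so that may be handled elsewhere. The enclosing action starts and ends outside the hunk.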
@@ -361,10 +361,9 @@ class User < ActiveRecord::Base
 end
 end
- def mail_confirm_email
- return false if unconfirmed_email.blank?
+ def send_confirm_email
+ return if unconfirmed_email.blank?
 Workers::Mail::ConfirmEmail.perform_async(id)
- true
 end
 ######### Posts and Such ###############
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index 42e1cc656..3698e2373 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -61,12 +61,12 @@ Devise.setup do |config|
 # Configure which authentication keys should be case-insensitive.
 # These keys will be downcased upon creating or modifying a user and when used
 # to authenticate or find a user. Default is :email.
- config.case_insensitive_keys = [ :email, :username ]
+ config.case_insensitive_keys = %i(email unconfirmed_email username)
 # Configure which authentication keys should have whitespace stripped.
 # These keys will have whitespace before and after removed upon creating or
 # modifying a user and when used to authenticate or find a user. Default is :email.
- config.strip_whitespace_keys = [ :email, :username ]
+ config.strip_whitespace_keys = %i(email unconfirmed_email username)
 # Tell if authentication through request.params is enabled. True by default.
 # It can be set to an array that will enable params authentication only for the
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index fc5a94404..3a95098c3 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -725,6 +725,12 @@ describe User, :type => :model do
 user.save!
 expect(user.unconfirmed_email).to eql("alice@newmail.com")
 end
+
+ it "downcases the unconfirmed email" do
+ user.unconfirmed_email = "AlIce@nEwmaiL.Com"
+ user.save!
+ expect(user.unconfirmed_email).to eql("alice@newmail.com")
+ end
 end
 describe "#confirm_email_token" do
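Review bot: In `config/initializers/devise.rb`, adding `unconfirmed_email` to `case_insensitive_keys` and `strip_whitespace_keys` normalizes values only when a user is created, modified or looked up (as the comments above the settings say), and the patch carries no data migration, so rows already holding a mixed-case or padded `unconfirmed_email` keep it until the user is next saved. If a uniqueness or conflict check compares `unconfirmed_email` with `email` (not visible in this patch), those older rows could still slip past a case-sensitive comparison. A one-off migration that downcases and strips the existing column values would close that gap. A short comment next to the two settings, such as `# unconfirmed_email is listed so pending addresses are normalized like email`, would also explain why a column that is not a login key appears here.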
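Review bot: In the first `spec/models/user_spec.rb` hunk, the new example covers downcasing only, although the same commit also adds `unconfirmed_email` to `strip_whitespace_keys`. A sibling example that assigns `user.unconfirmed_email = " alice@newmail.com "`, calls `user.save!`, and asserts `expect(user.unconfirmed_email).to eql("alice@newmail.com")` would pin the stripping behaviour as well. The enclosing `describe` block starts outside the hunk.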
@@ -759,16 +765,16 @@ describe User, :type => :model do
 end
 end
- describe '#mail_confirm_email' do
- it 'enqueues a mail job on user with unconfirmed email' do
+ describe "#send_confirm_email" do
+ it "enqueues a mail job on user with unconfirmed email" do
 user.update_attribute(:unconfirmed_email, "alice@newmail.com")
 expect(Workers::Mail::ConfirmEmail).to receive(:perform_async).with(alice.id).once
- expect(alice.mail_confirm_email).to eql(true)
+ alice.send_confirm_email
 end
- it 'enqueues NO mail job on user without unconfirmed email' do
+ it "enqueues NO mail job on user without unconfirmed email" do
 expect(Workers::Mail::ConfirmEmail).not_to receive(:perform_async).with(alice.id)
- expect(alice.mail_confirm_email).to eql(false)
+ alice.send_confirm_email
 end
 end
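Review bot: With the return-value assertions removed, the second example rests entirely on `expect(Workers::Mail::ConfirmEmail).not_to receive(:perform_async).with(alice.id)`, and a negative expectation constrained by `.with` only rejects calls made with that exact argument. Dropping the constraint, `expect(Workers::Mail::ConfirmEmail).not_to receive(:perform_async)`, makes the example fail on any enqueue. In the first example the attribute is written through `user` while the method is called on `alice`; their definitions are outside the hunk, so if they are not the same object `alice` may not see the new value, and using one name for both would make the example easier to trust.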