Use case insensitive unconfirmed email

closes #5967

Changelog.md

@@ -32,6 +32,7 @@
 * Fix fetching for public post while Webfingering [#5958](https://github.com/diaspora/diaspora/pull/5958)
 * Handle empty searchable in HCard gracefully [#5962](https://github.com/diaspora/diaspora/pull/5962)
 * Fix a freeze in new post parsing [#5965](https://github.com/diaspora/diaspora/pull/5965)
+* Add case insensitive unconfirmed email addresses as authentication key [#5967](https://github.com/diaspora/diaspora/pull/5967)
 
 ## Features
 * Hide post title of limited post in comment notification email [#5843](https://github.com/diaspora/diaspora/pull/5843)

app/controllers/users_controller.rb

@@ -56,7 +56,7 @@ class UsersController < ApplicationController
       elsif u[:email]
         @user.unconfirmed_email = u[:email]
         if @user.save
-          @user.mail_confirm_email == @user.email
+          @user.send_confirm_email
           if @user.unconfirmed_email
             flash[:notice] = I18n.t 'users.update.unconfirmed_email_changed'
           end

app/models/user.rb

@@ -361,10 +361,9 @@ class User < ActiveRecord::Base
     end
   end
 
-  def mail_confirm_email
-    return false if unconfirmed_email.blank?
+  def send_confirm_email
+    return if unconfirmed_email.blank?
     Workers::Mail::ConfirmEmail.perform_async(id)
-    true
   end
 
   ######### Posts and Such ###############

config/initializers/devise.rb

@@ -61,12 +61,12 @@ Devise.setup do |config|
   # Configure which authentication keys should be case-insensitive.
   # These keys will be downcased upon creating or modifying a user and when used
   # to authenticate or find a user. Default is :email.
-  config.case_insensitive_keys = [ :email, :username ]
+  config.case_insensitive_keys = %i(email unconfirmed_email username)
 
   # Configure which authentication keys should have whitespace stripped.
   # These keys will have whitespace before and after removed upon creating or
   # modifying a user and when used to authenticate or find a user. Default is :email.
-  config.strip_whitespace_keys = [ :email, :username ]
+  config.strip_whitespace_keys = %i(email unconfirmed_email username)
 
   # Tell if authentication through request.params is enabled. True by default.
   # It can be set to an array that will enable params authentication only for the

spec/models/user_spec.rb

@@ -725,6 +725,12 @@ describe User, :type => :model do
         user.save!
         expect(user.unconfirmed_email).to eql("alice@newmail.com")
       end
+
+      it "downcases the unconfirmed email" do
+        user.unconfirmed_email = "AlIce@nEwmaiL.Com"
+        user.save!
+        expect(user.unconfirmed_email).to eql("alice@newmail.com")
+      end
     end
 
     describe "#confirm_email_token" do
@@ -759,16 +765,16 @@ describe User, :type => :model do
       end
     end
 
-    describe '#mail_confirm_email' do
-      it 'enqueues a mail job on user with unconfirmed email' do
+    describe "#send_confirm_email" do
+      it "enqueues a mail job on user with unconfirmed email" do
         user.update_attribute(:unconfirmed_email, "alice@newmail.com")
         expect(Workers::Mail::ConfirmEmail).to receive(:perform_async).with(alice.id).once
-        expect(alice.mail_confirm_email).to eql(true)
+        alice.send_confirm_email
       end
 
-      it 'enqueues NO mail job on user without unconfirmed email' do
+      it "enqueues NO mail job on user without unconfirmed email" do
         expect(Workers::Mail::ConfirmEmail).not_to receive(:perform_async).with(alice.id)
-        expect(alice.mail_confirm_email).to eql(false)
+        alice.send_confirm_email
       end
     end