Normalize the Open ID URL before save and before looking it up. Minor variations, like leaving off the "http://", for example, should not prevent authentication.

git-svn-id: http://www.rousette.org.uk/svn/tracks-repos/trunk@571 a4c988fc-2ded-0310-b66e-134b36920a42

tracks/app/models/user.rb

@@ -90,10 +90,11 @@ class User < ActiveRecord::Base
   validates_confirmation_of :password  
   validates_length_of :login, :within => 3..80
   validates_uniqueness_of :login, :on => :create
-  validates_presence_of :open_id_url, :if => Proc.new{|user| user.auth_type == 'open_id'}
+  validates_presence_of :open_id_url, :if => :using_openid?
 
   before_create :crypt_password, :generate_token
   before_update :crypt_password
+  before_save :normalize_open_id_url
   
   def validate
     unless Tracks::Config.auth_schemes.include?(auth_type)
@@ -114,6 +115,11 @@ class User < ActiveRecord::Base
     nil
   end
   
+  def self.find_by_open_id_url(raw_open_id_url)
+    normalized_open_id_url = normalize_open_id_url(raw_open_id_url)
+    find(:first, :conditions => ['open_id_url = ?', normalized_open_id_url])
+  end
+  
   def self.no_users_yet?
     count == 0
   end
@@ -187,8 +193,23 @@ protected
     auth_type == 'database' && crypted_password.blank? || !password.blank?
   end
   
+  def using_openid?
+    auth_type == 'open_id'
+  end
+  
   def password_matches?(pass)
     crypted_password == sha1(pass)
   end
+  
+  def normalize_open_id_url
+    return if open_id_url.nil?
+    self.open_id_url = self.class.normalize_open_id_url(open_id_url)
+  end
+  
+  def self.normalize_open_id_url(raw_open_id_url)
+    normalized = raw_open_id_url
+    normalized = "http://#{raw_open_id_url}" unless raw_open_id_url =~ /\:\/\//
+    normalized.downcase.chomp('/')
+  end
     
 end

tracks/test/unit/user_test.rb

@@ -326,10 +326,33 @@ class UserTest < Test::Rails::TestCase
     assert_nil users(:other_user).remember_token
   end
   
+  def test_normalizes_open_id_url_on_save
+    ['www.johndoe.com', 'WWW.JOHNDOE.COM', 'http://www.johndoe.com/', 'http://www.johndoe.com'].each do |initial|
+      assert_open_id_url_normalized_on_save initial, 'http://www.johndoe.com'
+    end
+  end
+  
+  def test_normalizes_open_id_url_on_find
+     u = users(:other_user)
+     u.open_id_url = 'http://www.johndoe.com'
+     u.save
+     ['www.johndoe.com', 'WWW.JOHNDOE.COM', 'http://www.johndoe.com/', 'http://www.johndoe.com'].each do |raw_open_id_url|
+       assert_equal u.id, User.find_by_open_id_url(raw_open_id_url).id
+     end
+  end
+  
+  
   protected
     def create_user(options = {})
       options[:password_confirmation] = options[:password] unless options.has_key?(:password_confirmation) || !options.has_key?(:password)
       User.create({ :login => 'quire', :password => 'quire', :password_confirmation => 'quire' }.merge(options))
     end
-
+    
+    def assert_open_id_url_normalized_on_save(initial, expected)
+      u = users(:other_user)
+      u.open_id_url = initial
+      u.save
+      assert_equal expected, u.open_id_url
+    end
+    
 end