From 2c64e6488633bfd75167800f3e9c381e695c3cd6 Mon Sep 17 00:00:00 2001 From: lukemelia Date: Wed, 25 Jul 2007 01:54:35 +0000 Subject: [PATCH] Normalize the Open ID URL before save and before looking it up. Minor variations, like leaving off the "http://", for example, should not prevent authentication. git-svn-id: http://www.rousette.org.uk/svn/tracks-repos/trunk@571 a4c988fc-2ded-0310-b66e-134b36920a42 --- tracks/app/models/user.rb | 23 ++++++++++++++++++++++- tracks/test/unit/user_test.rb | 25 ++++++++++++++++++++++++- 2 files changed, 46 insertions(+), 2 deletions(-) diff --git a/tracks/app/models/user.rb b/tracks/app/models/user.rb index 6a0426ac..6d357d0c 100644 --- a/tracks/app/models/user.rb +++ b/tracks/app/models/user.rb @@ -90,10 +90,11 @@ class User < ActiveRecord::Base validates_confirmation_of :password validates_length_of :login, :within => 3..80 validates_uniqueness_of :login, :on => :create - validates_presence_of :open_id_url, :if => Proc.new{|user| user.auth_type == 'open_id'} + validates_presence_of :open_id_url, :if => :using_openid? before_create :crypt_password, :generate_token before_update :crypt_password + before_save :normalize_open_id_url def validate unless Tracks::Config.auth_schemes.include?(auth_type) @@ -114,6 +115,11 @@ class User < ActiveRecord::Base nil end + def self.find_by_open_id_url(raw_open_id_url) + normalized_open_id_url = normalize_open_id_url(raw_open_id_url) + find(:first, :conditions => ['open_id_url = ?', normalized_open_id_url]) + end + def self.no_users_yet? count == 0 end 
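Review bot: In the first user.rb hunk (`@@ -90,10 +90,11 @@`), `before_save :normalize_open_id_url` runs after validation, and no uniqueness check on `open_id_url` is visible here. Two accounts whose raw URLs differ only in case, a missing `http://` or a trailing slash can therefore both be saved with the same normalized identifier. `find_by_open_id_url` uses `find(:first, ...)` with no ordering, so an OpenID login could resolve to either account. Consider `before_validation :normalize_open_id_url` together with `validates_uniqueness_of :open_id_url, :if => :using_openid?`; a unique index may already exist outside this diff, so confirm that first. The class body continues outside the hunk.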
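Review bot: `find_by_open_id_url` in the second user.rb hunk (`@@ -114,6 +115,11 @@`) has no guard for a nil or empty argument, and `normalize_open_id_url` turns both into the string `http:/`, which is then used for the lookup. The same gap is in the `normalize_open_id_url` callback in the `@@ -187,8 +193,23 @@` hunk: it skips only `nil`, so an empty string submitted from a form would be stored as `http:/` and become a row that a blank lookup matches. Whether a blank identifier can reach this finder depends on the login controller, which is not part of this diff. Suggested guards are `return nil if raw_open_id_url.blank?` as the first line of the finder and `return if open_id_url.blank?` in the callback.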
@@ -187,8 +193,23 @@ protected auth_type == 'database' && crypted_password.blank? || !password.blank? end + def using_openid? + auth_type == 'open_id' + end + def password_matches?(pass) crypted_password == sha1(pass) end + + def normalize_open_id_url + return if open_id_url.nil? + self.open_id_url = self.class.normalize_open_id_url(open_id_url) + end + + def self.normalize_open_id_url(raw_open_id_url) + normalized = raw_open_id_url + normalized = "http://#{raw_open_id_url}" unless raw_open_id_url =~ /\:\/\// + normalized.downcase.chomp('/') + end end diff --git a/tracks/test/unit/user_test.rb b/tracks/test/unit/user_test.rb index 7f7848e1..2868318f 100644 --- a/tracks/test/unit/user_test.rb +++ b/tracks/test/unit/user_test.rb @@ -326,10 +326,33 @@ class UserTest < Test::Rails::TestCase assert_nil users(:other_user).remember_token end + def test_normalizes_open_id_url_on_save + ['www.johndoe.com', 'WWW.JOHNDOE.COM', 'http://www.johndoe.com/', 'http://www.johndoe.com'].each do |initial| + assert_open_id_url_normalized_on_save initial, 'http://www.johndoe.com' + end + end + + def test_normalizes_open_id_url_on_find + u = users(:other_user) + u.open_id_url = 'http://www.johndoe.com' + u.save + ['www.johndoe.com', 'WWW.JOHNDOE.COM', 'http://www.johndoe.com/', 'http://www.johndoe.com'].each do |raw_open_id_url| + assert_equal u.id, User.find_by_open_id_url(raw_open_id_url).id + end + end + + protected def create_user(options = {}) options[:password_confirmation] = options[:password] unless options.has_key?(:password_confirmation) || !options.has_key?(:password) User.create({ :login => 'quire', :password => 'quire', :password_confirmation => 'quire' }.merge(options)) end - + + def assert_open_id_url_normalized_on_save(initial, expected) + u = users(:other_user) + u.open_id_url = initial + u.save + assert_equal expected, u.open_id_url + end + end
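Review bot: `normalized.downcase.chomp('/')` in `self.normalize_open_id_url` lowercases the whole identifier, but only the scheme and host of a URL are case-insensitive. `http://provider.example/Alice` and `http://provider.example/alice` (constructed examples) are therefore stored and looked up as one identity, even if the provider issues them to two different people. Lowercasing only the part up to the end of the host keeps such identifiers distinct, e.g. `normalized.sub(/\A[^\/]*:\/\/[^\/?#]*/) { |prefix| prefix.downcase }.chomp('/')`. The scheme test `=~ /\:\/\//` is also unanchored, so a schemeless URL with `://` later in its path or query never gets the `http://` prefix; `/\A[a-z][a-z0-9+.\-]*:\/\//i` would check the start of the string only.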
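Review bot: The two new tests in user_test.rb assert only that variants which should be equivalent do match; nothing pins identifiers that must not match, which is the side that matters for an authentication lookup. Next to `test_normalizes_open_id_url_on_find`, add negative cases such as `assert_nil User.find_by_open_id_url('')` and a lookup whose path differs only in case from the saved URL. An `https://` input would also show that an existing scheme is kept rather than replaced. The test class starts outside the hunk.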