wip #857: sign in with password that has whitespaces around it

misago/users/forms/auth.py

@@ -49,8 +49,17 @@ class AuthenticationForm(MisagoAuthMixin, BaseAuthenticationForm):
     Base class for authenticating users, Floppy-forms and
     Misago login field compliant
     """
-    username = forms.CharField(label=_("Username or e-mail"), required=False, max_length=254)
-    password = forms.CharField(label=_("Password"), required=False, widget=forms.PasswordInput)
+    username = forms.CharField(
+        label=_("Username or e-mail"),
+        required=False,
+        max_length=254,
+    )
+    password = forms.CharField(
+        label=_("Password"),
+        strip=False,
+        required=False,
+        widget=forms.PasswordInput,
+    )
 
     def clean(self):
         username = self.cleaned_data.get('username')

misago/users/forms/register.py

@@ -14,7 +14,7 @@ UserModel = get_user_model()
 class RegisterForm(forms.Form):
     username = forms.CharField(validators=[validators.validate_username])
     email = forms.CharField(validators=[validators.validate_email])
-    password = forms.CharField()
+    password = forms.CharField(strip=False)
 
     # placeholder field for setting captcha errors on form
     captcha = forms.CharField(required=False)

misago/users/tests/test_auth_api.py

@@ -48,6 +48,37 @@ class GatewayTests(TestCase):
         self.assertEqual(user_json['id'], user.id)
         self.assertEqual(user_json['username'], user.username)
 
+    def test_login_whitespaces_password(self):
+        """api signs user in with password left untouched"""
+        user = UserModel.objects.create_user('Bob', 'bob@test.com', ' Pass.123 ')
+
+        response = self.client.post(
+            '/api/auth/',
+            data={
+                'username': 'Bob',
+                'password': 'Pass.123',
+            },
+        )
+
+        self.assertEqual(response.status_code, 400)
+
+        response = self.client.post(
+            '/api/auth/',
+            data={
+                'username': 'Bob',
+                'password': ' Pass.123 ',
+            },
+        )
+
+        self.assertEqual(response.status_code, 200)
+
+        response = self.client.get('/api/auth/')
+        self.assertEqual(response.status_code, 200)
+
+        user_json = response.json()
+        self.assertEqual(user_json['id'], user.id)
+        self.assertEqual(user_json['username'], user.username)
+
     def test_submit_empty(self):
         """login api errors for no body"""
         response = self.client.post('/api/auth/')