From 818c501b073bdac22aaee9966e3569758ac7eae7 Mon Sep 17 00:00:00 2001
From: Frederic Guillot <fred@miniflux.net>
Date: Thu, 29 Dec 2016 17:53:46 -0500
Subject: [PATCH] Trim username and password

---
 app/models/user.php          |  2 ++
 tests/unit/UserModelTest.php | 11 +++++++++++
 2 files changed, 13 insertions(+)

diff --git a/app/models/user.php b/app/models/user.php
index f8bc70f..4eb894b 100644
--- a/app/models/user.php
+++ b/app/models/user.php
@@ -9,6 +9,8 @@ const TABLE = 'users';
 
 function create_user($username, $password, $is_admin = false)
 {
+    $username = trim($username);
+    $password = trim($password);
     list($fever_token, $fever_api_key) = generate_fever_api_key($username);
 
     return Database::getInstance('db')
diff --git a/tests/unit/UserModelTest.php b/tests/unit/UserModelTest.php
index ee8ac62..8cfccde 100644
--- a/tests/unit/UserModelTest.php
+++ b/tests/unit/UserModelTest.php
@@ -61,6 +61,17 @@ class UserModelTest extends BaseTest
         $this->assertNotEquals('test', $user['password']);
     }
 
+    public function testCreateUserWithTrailingSpaces()
+    {
+        $this->assertEquals(2, Model\User\create_user('foobar ', ' test'));
+
+        $user = Model\User\get_user_by_id(2);
+        $this->assertEquals(2, $user['id']);
+        $this->assertEquals('foobar', $user['username']);
+        $this->assertEquals(0, $user['is_admin']);
+        $this->assertTrue(password_verify('test', $user['password']));
+    }
+
     public function testRemoveUser()
     {
         $this->assertEquals(2, Model\User\create_user('foobar', 'test'));