Add whitespace trimming to login

[joseph-d]

I have had several instances of users trying to log in and authenticating failing because they have whitespace in their email address which is obviously difficult to see on the screen. While this is technically a case of user error, I think that adding whitespace trimming would make the login system more user friendly to less technical users.

[bennothommo]

@joseph-d As simple as this fix is, it technically would introduce a breaking change as there's nothing currently stopping people from having spaces in their username (even trailing spaces).

[joseph-d]

That's a good point, yes. Would it be considered too messy to only do the trim and run authentication a second time only if authentication failed the first time?

I've tried putting in an extra space on a few different websites and all the ones I tried seem to be trimming. I just think it'd be a shame for October websites to behave differently to the norm. I'm running October on a reasonanly-busy site (3,000 - 5,000 visitors per day) and rarely a day goes by when a user doesn't complain about not being able to log in for this reason.

[LukeTowers]

@bennothommo if you can verify that it is currently possible to have a user created with extra whitespace in either their username or email then what we can do is create a migration to trim those values in the DB. If it's not actually possible (i.e. it gets trimmed at some layer before being inserted) then it's fine to move forward with this PR. I agree with @joseph-d that October should be trimming those values as that is the standard elsewhere.

[w20k]

@LukeTowers you can not create a user with incorrect email (think there is a validation rule for that), but login -without any issues.

Screenshot:

[joseph-d]

I have tested this and I can confirm that spaces within email addresses are not permitted by October but spaces within usernames are permitted.

However, if I try to create users with leading or trailing whitespace such as, " joseph" , "joseph " or " joseph " then the whitespace seems to be trimmed from the beginning and end before the data gets into the database. The situation is the same for email addresses.

Therefore, given the PHP trim() function only trims whitespace before and after a string, and not within, I don't think that this patch would create a breaking change after all.

In fact, this patch is wholly necessary because at present a user creating a username or email with a leading or trailing space would have their input accepted by the system and silently trimmed. At present, the user would then be unable to log in using the same whitespace that they just created their username with! This creates a usability nightmare because a lot of people use autocomplete which remembers data from the registration form for the login form.

For example, try registering a username "joseph " with the email address "josephtest@test.com " and the user will be created as "joseph" and "josephtest@test.com" so it would now be impossible to log in as "joseph " or "josephtest@test.com " even though that's what you just registered with.

[LukeTowers]

@joseph-d perfect, thanks for checking.

@bennothommo since

nothing currently stopping people from having spaces in their username (even trailing spaces).

seems to be addressed are you fine with merging this?

[bennothommo]

@LukeTowers I'll confirm that the trimming occurs sometime tonight - if that is the case, then yep it's good to merge.

[bennothommo]

@LukeTowers confirmed - it is trimming the username. Interestingly, all strings are trimmed by the Model class - TIL.

Thanks for the fix, @joseph-d.