From 808c27119b0a601991426b0e55d6836e7bbd07a8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Oliver=20G=C3=BCnther?= <mail@oliverguenther.de>
Date: Thu, 21 Mar 2024 11:29:21 +0100
Subject: [PATCH] Allow logins to receive umlauts and other letter class chars

---
 app/models/user.rb                  |  2 +-
 spec/fixtures/ldap/users.ldif       |  4 ++--
 spec/models/user_spec.rb            | 14 +++++++++++++-
 spec/requests/auth/ldap_sso_spec.rb | 17 +++++++++++++++++
 4 files changed, 33 insertions(+), 4 deletions(-)

diff --git a/app/models/user.rb b/app/models/user.rb
index 51cce45acae2..d7cd19c38e7b 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -129,7 +129,7 @@ def self.blocked_condition(blocked)
   validates :login, uniqueness: { if: Proc.new { |user| user.login.present? }, case_sensitive: false }
   validates :mail, uniqueness: { allow_blank: true, case_sensitive: false }
   # Login must contain letters, numbers, underscores only
-  validates :login, format: { with: /\A[a-z0-9_\-@.+ ]*\z/i }
+  validates :login, format: { with: /\A[\p{L}0-9_\-@.+ ]*\z/i }
   validates :login, length: { maximum: 256 }
 
   validates :firstname, :lastname, length: { maximum: 256 }
diff --git a/spec/fixtures/ldap/users.ldif b/spec/fixtures/ldap/users.ldif
index d5b3699de32f..1daaeed36865 100644
--- a/spec/fixtures/ldap/users.ldif
+++ b/spec/fixtures/ldap/users.ldif
@@ -194,5 +194,5 @@ givenName: Bölle
 mail: boelle@example.org
 uid: bölle
 samAccountName: bölle
-# Password is "smada"
-userpassword:: e1NIQX10Nk1mdHRLRG5HSm1xZnRqRUVEeEpLZ2ZjNEE9Cg==
+# Password is "bólle"
+userpassword:: e1NIQX1rNDBGWHRYQ3RFL3l2cENhblRpQmZ2cE1ON1k9Cg==
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index 9bbcb97d49f5..121b8bdce4fc 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -143,6 +143,18 @@
         end
       end
 
+      context 'with other letter char classes' do
+        let(:login) { "célîneüberölig" }
+
+        it 'is valid' do
+          expect(user).to be_valid
+        end
+
+        it 'may be stored in the database' do
+          expect(user.save).to be_truthy
+        end
+      end
+
       context "with tabs" do
         let(:login) { 'ab\tc' }
 
@@ -172,7 +184,7 @@
       end
 
       context "with combination thereof" do
-        let(:login) { "the+boss-is@the_house." }
+        let(:login) { "the+boss-is-über@the_house." }
 
         it "is valid" do
           expect(user).to be_valid
diff --git a/spec/requests/auth/ldap_sso_spec.rb b/spec/requests/auth/ldap_sso_spec.rb
index 5d2858a013a6..d1367a9fc0c9 100644
--- a/spec/requests/auth/ldap_sso_spec.rb
+++ b/spec/requests/auth/ldap_sso_spec.rb
@@ -58,6 +58,23 @@
       expect(subject).to redirect_to "/?first_time_user=true"
     end
 
+    context 'with a user that has umlauts in their name' do
+      let(:username) { 'bölle' }
+      let(:password) { 'bólle' }
+
+      it 'creates a user with umlauts on the fly' do
+        expect(User.find_by(login: 'bölle')).to be_nil
+
+        expect { subject }.to change(User.not_builtin.active, :count).by(1)
+
+        user = User.find_by(login: 'bölle')
+        expect(user).to be_present
+        expect(user).to be_active
+        expect(session[:user_id]).to eq user.id
+        expect(subject).to redirect_to '/?first_time_user=true'
+      end
+    end
+
     context "when not all attributes present" do
       let(:attr_mail) { nil }