Strip invalid UTF-8 bytes in User#find_by_login (#16107).

git-svn-id: http://svn.redmine.org/redmine/trunk@12916 e93f8b46-1217-0410-a6f0-8f06a7374b81

app/models/user.rb

@@ -384,8 +384,8 @@ class User < Principal
   # Find a user account by matching the exact login and then a case-insensitive
   # version.  Exact matches will be given priority.
   def self.find_by_login(login)
+    login = Redmine::CodesetUtil.replace_invalid_utf8(login.to_s)
     if login.present?
-      login = login.to_s
       # First look for an exact match
       user = where(:login => login).detect {|u| u.login == login}
       unless user

test/integration/api_test/authentication_test.rb

@@ -30,7 +30,7 @@ class Redmine::ApiTest::AuthenticationTest < Redmine::ApiTest::Base
 
   def test_api_should_trigger_basic_http_auth_with_basic_authorization_header
     ApplicationController.any_instance.expects(:authenticate_with_http_basic).once
-    get '/users/current.xml', {}, credentials('admin')
+    get '/users/current.xml', {}, credentials('jsmith')
   end
 
   def test_api_should_not_trigger_basic_http_auth_with_non_basic_authorization_header
@@ -38,6 +38,12 @@ class Redmine::ApiTest::AuthenticationTest < Redmine::ApiTest::Base
     get '/users/current.xml', {}, 'HTTP_AUTHORIZATION' => 'Digest foo bar'
   end
 
+  def test_invalid_utf8_credentials_should_not_trigger_an_error
+    assert_nothing_raised do
+      get '/users/current.xml', {}, credentials("\x82", "foo")
+    end
+  end
+
   def test_api_request_should_not_use_user_session
     log_user('jsmith', 'jsmith')