This is part of the Semicolon&Sons Code Diary - consisting of lessons learned on the job. You're in the user-input-and-output category.
Last Updated: 2024-11-21
I had the following code for resetting passwords for a particular email address, yet people sometimes complained about not receiving reset emails. (There was no delivery issue)
email = user_params[:email].downcase
user = User.find_by(email: email)
user&.reset_password
flash[:notice] =
'Reset password request received. For privacy reasons we cannot reveal whether ' \
"#{user_params[:email]} is on file with us. If you receive no email within 5 minutes, try " \
'a different address.'
The issue was that users added whitespace before and after their email sometimes — I fixed as follows
email = user_params[:email].downcase.strip
...
When matching exactly against user input in the DB, be sure to trim whitespace. The best place is probably at the middleware level so it's global.