Always strip whitespace when searching exact match user input

This is part of the Semicolon&Sons Code Diary - consisting of lessons learned on the job. You're in the user-input-and-output category.

Last Updated: 2024-04-25

I had the following code for resetting passwords for a particular email address, yet people sometimes complained about not receiving reset emails. (There was no delivery issue.)

email = user_params[:email].downcase
user = User.find_by(email: email)
user&.reset_password
flash[:notice] =
  'Reset password request received. For privacy reasons we cannot reveal whether ' \
  "#{user_params[:email]} is on file with us. If you receive no email within 5 minutes, try " \
  'a different address.'

The issue was that users sometimes added whitespace before and after their email. I fixed it as follows:

email = user_params[:email].downcase.strip
...

Lesson

When matching exactly against user input in the DB, be sure to trim whitespace. The best place is probably at the middleware level so it's global.
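
One way to apply the lesson globally, as an added example that is not code from the original post: a recursive trimmer for a whole params hash, run once before any lookup. It goes beyond the fix above in two ways, trimming Unicode whitespace that String#strip leaves in place and leaving password fields untouched. The helper names, the skip list, the in-memory USERS lookup and the sample params are all constructed for illustration.

```ruby
# Added example; every name here is hypothetical, not the post's or Rails' API.
# Assumption: secrets are compared byte-for-byte, so they are never trimmed.
SKIP_KEYS = %w[password password_confirmation].freeze

# String#strip removes only ASCII whitespace and NUL. [[:space:]] also matches
# Unicode whitespace such as the no-break space (U+00A0) from copy-paste.
EDGE_SPACE = /\A[[:space:]]+|[[:space:]]+\z/

def trim(str)
  str.gsub(EDGE_SPACE, '')
end

# Walk nested hashes and arrays, trimming every string except skipped keys.
def deep_strip(value, skip_keys: SKIP_KEYS)
  case value
  when String then trim(value)
  when Array  then value.map { |v| deep_strip(v, skip_keys: skip_keys) }
  when Hash
    value.each_with_object({}) do |(k, v), out|
      out[k] = skip_keys.include?(k.to_s) ? v : deep_strip(v, skip_keys: skip_keys)
    end
  else value
  end
end

# Canonical form for an exact-match email lookup; nil-safe via to_s.
def normalize_email(raw)
  trim(raw.to_s).downcase
end

# Constructed stand-in for User.find_by(email: ...): exact match only.
USERS = { 'alice@example.com' => :alice }.freeze

def find_user(email)
  USERS[email]
end

# Constructed sample input: leading spaces, trailing no-break space.
RAW_PARAMS = {
  'user' => { 'email' => "  Alice@Example.com\u00A0", 'password' => ' pass phrase ' },
  'tags' => [' a ', 'b']
}.freeze
CLEAN_PARAMS = deep_strip(RAW_PARAMS)
```

In a Rails app a helper like this would run before the controller reads the params, and the skip list would need to cover every field where whitespace is significant.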