Strip whitespace from username/login value for user lookup

As per the discussion with @psimyn, this change does not affect the frontend, so user input will not be validated on the signin screen.

Instead, the value sent to the backend has leading and trailing whitespace stripped before looking up the user with find_by.

Closes #42637

app/models/user.rb

@@ -249,7 +249,7 @@ class User < ActiveRecord::Base
     def find_for_database_authentication(warden_conditions)
       conditions = warden_conditions.dup
       if login = conditions.delete(:login)
-        where(conditions).find_by("lower(username) = :value OR lower(email) = :value", value: login.downcase)
+        where(conditions).find_by("lower(username) = :value OR lower(email) = :value", value: login.downcase.strip)
       else
         find_by(conditions)
       end

changelogs/unreleased/change-strip-whitespace-from-username-input-42637.yml

+---
+title: Remove whitespace from the username/email sign in form field
+merge_request: 17020
+author: Peter lauck
+type: changed

spec/models/user_spec.rb

@@ -893,6 +893,14 @@ describe User do
     end
   end
 
+  describe '.find_for_database_authentication' do
+    it 'strips whitespace from login' do
+      user = create(:user)
+
+      expect(described_class.find_for_database_authentication({ login: " #{user.username} " })).to eq user
+    end
+  end
+
   describe '.find_by_any_email' do
     it 'finds by primary email' do
       user = create(:user, email: 'foo@example.com')