fix

Masaharu Hayashi · Masaharu Hayashi · commit bba3809c5bb9 · 2026-01-27T22:30:09.000-05:00
diff --git a/modules/invenio-accounts/invenio_accounts/forms.py b/modules/invenio-accounts/invenio_accounts/forms.py
@@ -65,5 +65,15 @@ def __init__(self, *args, **kwargs):
             """
             super(LoginForm, self).__init__(*args, **kwargs)
             self.remember.data = False
+    
+        def validate(self):
+            """Validate the form after trimming email and password fields."""
+            if self.email.data:
+                self.email.data = self.email.data.strip()
+                self.email.data = self.email.data.strip('\u200b')  # remove zero-width spaces
+            if self.password.data:
+                self.password.data = self.password.data.strip()
+                self.password.data = self.password.data.strip('\u200b')  # remove zero-width spaces
+            return super(LoginForm, self).validate()
 
     return LoginForm
diff --git a/modules/weko-accounts/weko_accounts/rest.py b/modules/weko-accounts/weko_accounts/rest.py
@@ -116,6 +116,12 @@ def post_v1(self, **kwargs):
         data = request.get_json()
         email = data['email']
         password = data['password']
+        if email:
+            email = email.strip()
+            email = email.strip('\u200b')  # remove zero-width spaces
+        if password:
+            password = password.strip()
+            password = password.strip('\u200b')  # remove zero-width spaces
 
         # Check if user is already logged in
         if current_user.is_authenticated:
diff --git a/modules/weko-accounts/weko_accounts/views.py b/modules/weko-accounts/weko_accounts/views.py
@@ -340,6 +340,12 @@ def confirm_user():
         shib_user = ShibUser(cache_val)
         account = request.form.get('WEKO_ATTR_ACCOUNT', None)
         password = request.form.get('WEKO_ATTR_PWD', None)
+        if account:
+            account = account.strip()
+            account = account.strip('\u200b')  # remove zero-width spaces
+        if password:
+            password = password.strip()
+            password = password.strip('\u200b')  # remove zero-width spaces
         if not shib_user.check_weko_user(account, password):
             if ams_login:
                 return _redirect_method(True, ams_error=_('There is no user information.'))
