diff --git a/app/controllers/session_controller.rb b/app/controllers/session_controller.rb
index ca1e4b24a..d0a195fec 100644
--- a/app/controllers/session_controller.rb
+++ b/app/controllers/session_controller.rb
@@ -9,7 +9,7 @@ class SessionController < ApplicationController
     params.require(:login)
     params.require(:password)
 
-    login = params[:login]
+    login = params[:login].strip
     login = login[1..-1] if login[0] == "@"
 
     if login =~ /@/
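Review bot: The added `params[:login].strip` assumes the parameter is a String, but `params.require(:login)` only checks that a value is present. A request that sends `login` as an array or nested hash would raise NoMethodError on this line and return a 500 from an unauthenticated endpoint instead of a normal login failure. Coercing first, `login = params[:login].to_s.strip`, or rejecting non-String values before this line, keeps malformed input on the ordinary invalid-credentials path. The rest of the action lies outside the hunk, so later lines may need the same guarantee.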
diff --git a/spec/controllers/session_controller_spec.rb b/spec/controllers/session_controller_spec.rb
index 64b9832b4..8f5e0556c 100644
--- a/spec/controllers/session_controller_spec.rb
+++ b/spec/controllers/session_controller_spec.rb
@@ -13,7 +13,7 @@ describe SessionController do
       end
 
       it "raises an error when the login isn't present" do
-	lambda { xhr :post, :create }.should raise_error(ActionController::ParameterMissing)
+        lambda { xhr :post, :create }.should raise_error(ActionController::ParameterMissing)
       end
 
       describe 'invalid password' do
@@ -72,6 +72,21 @@ describe SessionController do
         end
       end
 
+      context 'login has leading and trailing space' do
+        let(:username) { " #{user.username} " }
+        let(:email) { " #{user.email} " }
+
+        it "strips spaces from the username" do
+          xhr :post, :create, login: username, password: 'myawesomepassword'
+          ::JSON.parse(response.body)['error'].should_not be_present
+        end
+
+        it "strips spaces from the email" do
+          xhr :post, :create, login: email, password: 'myawesomepassword'
+          ::JSON.parse(response.body)['error'].should_not be_present
+        end
+      end
+
       describe "when the site requires approval of users" do
         before do
           SiteSetting.expects(:must_approve_users?).returns(true)
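Review bot: Both new examples assert only that the JSON body has no `error` key, which does not show that the request authenticated the intended account. For a login path, each example should also assert the resulting session identity against `user`, in whatever way the existing successful-login examples in this file do (they are not visible in this hunk). A companion example showing that a padded `password` is still rejected would document that the trimming applies to `login` only, which is all the controller hunk changes.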