From: Anton Khorev Date: Sat, 2 Sep 2023 11:19:59 +0000 (+0300) Subject: Disallow username changes to user_n if n isn't their id X-Git-Tag: live~836^2~1 X-Git-Url: https://git.openstreetmap.org./rails.git/commitdiff_plain/2c342adc0df6b932165b521247201772f4369923 Disallow username changes to user_n if n isn't their id --- diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml index e6772b8a4..d80653712 100644 --- a/.rubocop_todo.yml +++ b/.rubocop_todo.yml @@ -61,7 +61,7 @@ Metrics/BlockNesting: # Offense count: 26 # Configuration parameters: CountComments, CountAsOne. Metrics/ClassLength: - Max: 299 + Max: 305 # Offense count: 59 # Configuration parameters: AllowedMethods, AllowedPatterns. diff --git a/app/models/user.rb b/app/models/user.rb index 5790d81e5..8a471586a 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -99,6 +99,7 @@ class User < ApplicationRecord validates :display_name, :if => proc { |u| u.display_name_changed? }, :characters => { :url_safe => true }, :whitespace => { :leading => false, :trailing => false } + validate :display_name_cannot_be_user_id_with_other_id validates :email, :presence => true, :confirmation => true, :characters => true validates :email, :if => proc { |u| u.email_changed? }, :uniqueness => { :case_sensitive => false } @@ -124,6 +125,12 @@ class User < ApplicationRecord before_save :update_tile after_save :spam_check + def display_name_cannot_be_user_id_with_other_id + display_name_changed? && display_name&.match(/^user_(\d+)$/i) do |m| + errors.add :display_name, I18n.t("activerecord.errors.messages.display_name_is_user_n") unless m[1].to_i == id + end + end + def to_param display_name end diff --git a/config/locales/en.yml b/config/locales/en.yml index 7ff2bfd06..b266a87d6 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -40,6 +40,7 @@ en: messages: invalid_email_address: does not appear to be a valid e-mail address email_address_not_routable: is not routable + display_name_is_user_n: can't be user_n unless n is your user id models: user_mute: attributes: diff --git a/test/models/user_test.rb b/test/models/user_test.rb index 5c48bb969..c2571d0c0 100644 --- a/test/models/user_test.rb +++ b/test/models/user_test.rb @@ -91,6 +91,28 @@ class UserTest < ActiveSupport::TestCase end end + def test_display_name_user_id_new + existing_user = create(:user) + user = build(:user) + + user.display_name = "user_#{existing_user.id}" + assert_not user.valid?, "user_ name is valid for existing user id when it shouldn't be" + + user.display_name = "user_#{existing_user.id + 1}" + assert_not user.valid?, "user_ name is valid for new user id when it shouldn't be" + end + + def test_display_name_user_id_rename + existing_user = create(:user) + user = create(:user) + + user.display_name = "user_#{existing_user.id}" + assert_not user.valid?, "user_ name is valid for existing user id when it shouldn't be" + + user.display_name = "user_#{user.id}" + assert_predicate user, :valid?, "user_ name is invalid for own id, when it should be" + end + def test_friends_with alice = create(:user, :active) bob = create(:user, :active)