diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-06-30 11:44:41 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-06-30 11:45:05 +0000 |
commit | a262d7269b9dc9060f3f5b3de0976d8058c1b580 (patch) | |
tree | 4f1f9ef013ba07def9445f48fa3c7d2dc6277cf4 /app | |
parent | aa5a29806f359945ec3483906a4e40ec71362a61 (diff) | |
download | gitlab-ce-a262d7269b9dc9060f3f5b3de0976d8058c1b580.tar.gz |
Add latest changes from gitlab-org/security/gitlab@14-0-stable-ee
Diffstat (limited to 'app')
-rw-r--r-- | app/models/user.rb | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/app/models/user.rb b/app/models/user.rb index 3879eb51371..52bf9149ee2 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -236,6 +236,7 @@ class User < ApplicationRecord validate :owns_commit_email, if: :commit_email_changed? validate :signup_domain_valid?, on: :create, if: ->(user) { !user.created_by_id } validate :check_email_restrictions, on: :create, if: ->(user) { !user.created_by_id } + validate :check_username_format, if: :username_changed? validates :theme_id, allow_nil: true, inclusion: { in: Gitlab::Themes.valid_ids, message: _("%{placeholder} is not a valid theme") % { placeholder: '%{value}' } } @@ -2093,6 +2094,12 @@ class User < ApplicationRecord end end + def check_username_format + return if username.blank? || Mime::EXTENSION_LOOKUP.keys.none? { |type| username.end_with?(type) } + + errors.add(:username, _('ending with MIME type format is not allowed.')) + end + def groups_with_developer_maintainer_project_access project_creation_levels = [::Gitlab::Access::DEVELOPER_MAINTAINER_PROJECT_ACCESS] |