authorGitLab Bot <gitlab-bot@gitlab.com>2021-06-30 11:44:41 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2021-06-30 11:45:05 +0000
commita262d7269b9dc9060f3f5b3de0976d8058c1b580 (patch)
tree4f1f9ef013ba07def9445f48fa3c7d2dc6277cf4 /app
parentaa5a29806f359945ec3483906a4e40ec71362a61 (diff)
Add latest changes from gitlab-org/security/gitlab@14-0-stable-ee
Diffstat (limited to 'app')
-rw-r--r--app/models/user.rb7
1 files changed, 7 insertions, 0 deletions
diff --git a/app/models/user.rb b/app/models/user.rb
index 3879eb51371..52bf9149ee2 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -236,6 +236,7 @@ class User < ApplicationRecord
validate :owns_commit_email, if: :commit_email_changed?
validate :signup_domain_valid?, on: :create, if: ->(user) { !user.created_by_id }
validate :check_email_restrictions, on: :create, if: ->(user) { !user.created_by_id }
+ validate :check_username_format, if: :username_changed?
validates :theme_id, allow_nil: true, inclusion: { in: Gitlab::Themes.valid_ids,
message: _("%{placeholder} is not a valid theme") % { placeholder: '%{value}' } }
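Review bot: Because the new `validate :check_username_format` line is conditional on `username_changed?`, accounts whose username already ends in a MIME extension keep it and still pass validation on every other update. If such names are what this rule is meant to prevent, the commit needs a companion step outside this hunk, such as a query that lists existing matches so they can be reviewed or renamed. It would also help to say next to the line why unchanged usernames are skipped, e.g. `# existing usernames are not re-validated so that unrelated updates keep working`.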
@@ -2093,6 +2094,12 @@ class User < ApplicationRecord
end
end
+ def check_username_format
+ return if username.blank? || Mime::EXTENSION_LOOKUP.keys.none? { |type| username.end_with?(type) }
+
+ errors.add(:username, _('ending with MIME type format is not allowed.'))
+ end
+
def groups_with_developer_maintainer_project_access
project_creation_levels = [::Gitlab::Access::DEVELOPER_MAINTAINER_PROJECT_ACCESS]
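Review bot: The `username.end_with?(type)` test in `check_username_format` compares against the bare extension with no dot separator, so it rejects any username that merely ends in the letters of a registered extension (for example one ending in `js` or `text`, if those are keys of `Mime::EXTENSION_LOOKUP`), not only names that could be read as `name.ext`. If the intent is to stop a username from being parsed as a path plus a format, matching the separator is tighter: `username.end_with?(".#{type}")`. The comparison is also case-sensitive, so it is worth confirming whether an upper-case suffix can still be resolved as a format anywhere, and adding specs for both cases. A one-line comment above the method stating why MIME suffixes are refused would help, since the error message alone does not explain it.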