diff options
-rw-r--r-- | app/models/namespace.rb | 8 | ||||
-rw-r--r-- | app/models/user.rb | 6 | ||||
-rw-r--r-- | app/validators/namespace_validator.rb | 22 | ||||
-rw-r--r-- | spec/models/user_spec.rb | 18 | ||||
-rw-r--r-- | spec/requests/api/users_spec.rb | 4 |
5 files changed, 46 insertions, 12 deletions
diff --git a/app/models/namespace.rb b/app/models/namespace.rb index 20b92e68d61..e07c676a9f3 100644 --- a/app/models/namespace.rb +++ b/app/models/namespace.rb @@ -30,12 +30,10 @@ class Namespace < ActiveRecord::Base validates :description, length: { within: 0..255 } validates :path, - uniqueness: { case_sensitive: false }, - presence: true, length: { within: 1..255 }, - exclusion: { in: Gitlab::Blacklist.path }, - format: { with: Gitlab::Regex.namespace_regex, - message: Gitlab::Regex.namespace_regex_message } + namespace: true, + presence: true, + uniqueness: { case_sensitive: false } delegate :name, to: :owner, allow_nil: true, prefix: true diff --git a/app/models/user.rb b/app/models/user.rb index 719b49b16fe..cfed797e725 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -148,11 +148,9 @@ class User < ActiveRecord::Base validates :bio, length: { maximum: 255 }, allow_blank: true validates :projects_limit, presence: true, numericality: { greater_than_or_equal_to: 0 } validates :username, + namespace: true, presence: true, - uniqueness: { case_sensitive: false }, - exclusion: { in: Gitlab::Blacklist.path }, - format: { with: Gitlab::Regex.namespace_regex, - message: Gitlab::Regex.namespace_regex_message } + uniqueness: { case_sensitive: false } validates :notification_level, inclusion: { in: Notification.notification_levels }, presence: true validate :namespace_uniq, if: ->(user) { user.username_changed? } diff --git a/app/validators/namespace_validator.rb b/app/validators/namespace_validator.rb new file mode 100644 index 00000000000..4ab1706abda --- /dev/null +++ b/app/validators/namespace_validator.rb @@ -0,0 +1,22 @@ +# NamespaceValidator +# +# Custom validator for GitLab namespace values. +# +# Values are checked for formatting and exclusion from `Gitlab::Blacklist.path`. +class NamespaceValidator < ActiveModel::EachValidator + def validate_each(record, attribute, value) + unless value =~ Gitlab::Regex.namespace_regex + record.errors.add(attribute, Gitlab::Regex.namespace_regex_message) + end + + if blacklisted?(value) + record.errors.add(attribute, "#{value} is a reserved name") + end + end + + private + + def blacklisted?(value) + Gitlab::Blacklist.path.include?(value) + end +end diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb index 4631b12faf1..a0f78d3b336 100644 --- a/spec/models/user_spec.rb +++ b/spec/models/user_spec.rb @@ -91,7 +91,23 @@ describe User do end describe 'validations' do - it { is_expected.to validate_presence_of(:username) } + describe 'username' do + it 'validates presence' do + expect(subject).to validate_presence_of(:username) + end + + it 'rejects blacklisted names' do + user = build(:user, username: 'dashboard') + + expect(user).not_to be_valid + expect(user.errors.values).to eq [['dashboard is a reserved name']] + end + + it 'validates uniqueness' do + expect(subject).to validate_uniqueness_of(:username) + end + end + it { is_expected.to validate_presence_of(:projects_limit) } it { is_expected.to validate_numericality_of(:projects_limit) } it { is_expected.to allow_value(0).for(:projects_limit) } diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb index a9ef2fe5885..2f609c63330 100644 --- a/spec/requests/api/users_spec.rb +++ b/spec/requests/api/users_spec.rb @@ -153,7 +153,7 @@ describe API::API, api: true do expect(json_response['message']['projects_limit']). to eq(['must be greater than or equal to 0']) expect(json_response['message']['username']). - to eq([Gitlab::Regex.send(:namespace_regex_message)]) + to eq([Gitlab::Regex.namespace_regex_message]) end it "shouldn't available for non admin users" do @@ -296,7 +296,7 @@ describe API::API, api: true do expect(json_response['message']['projects_limit']). to eq(['must be greater than or equal to 0']) expect(json_response['message']['username']). - to eq([Gitlab::Regex.send(:namespace_regex_message)]) + to eq([Gitlab::Regex.namespace_regex_message]) end context "with existing user" do |