-rw-r--r-- | app/models/user.rb | 7 | ||||
-rw-r--r-- | locale/gitlab.pot | 3 | ||||
-rw-r--r-- | spec/models/user_spec.rb | 13 | ||||
-rw-r--r-- | spec/requests/api/projects_spec.rb | 2 | ||||
-rw-r--r-- | spec/requests/api/users_spec.rb | 2 |
5 files changed, 25 insertions, 2 deletions
diff --git a/app/models/user.rb b/app/models/user.rb
index 3879eb51371..52bf9149ee2 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -236,6 +236,7 @@ class User < ApplicationRecord
 validate :owns_commit_email, if: :commit_email_changed?
 validate :signup_domain_valid?, on: :create, if: ->(user) { !user.created_by_id }
 validate :check_email_restrictions, on: :create, if: ->(user) { !user.created_by_id }
+ validate :check_username_format, if: :username_changed?
 validates :theme_id, allow_nil: true, inclusion: { in: Gitlab::Themes.valid_ids, message: _("%{placeholder} is not a valid theme") % { placeholder: '%{value}' } }
@@ -2093,6 +2094,12 @@ class User < ApplicationRecord
 end
 end
+ def check_username_format
+ return if username.blank? || Mime::EXTENSION_LOOKUP.keys.none? { |type| username.end_with?(type) }
+
+ errors.add(:username, _('ending with MIME type format is not allowed.'))
+ end
+
 def groups_with_developer_maintainer_project_access
 project_creation_levels = [::Gitlab::Access::DEVELOPER_MAINTAINER_PROJECT_ACCESS]
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index b82dc3d5259..feb3d972d2a 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -38542,6 +38542,9 @@ msgstr ""
 msgid "encrypted: needs to be a :required, :optional or :migrating!"
 msgstr ""
+msgid "ending with MIME type format is not allowed."
+msgstr ""
+
 msgid "entries cannot be larger than 255 characters"
 msgstr ""
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index dc78ec2be21..2185df0609e 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
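Review bot: The `if: :username_changed?` guard on the added `validate :check_username_format` line means the rule runs only when a username is set or changed, so accounts that already hold such a username keep it and remain valid. If those existing names are part of the concern, a companion step that finds and handles them is needed, and none is visible in this diff. A short comment above the line would record the limitation, for example `# Runs only when the username changes; existing usernames are not re-checked.`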
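Review bot: In `check_username_format` the block `username.end_with?(type)` compares the bare extension, with no leading dot and case-sensitively. As written it appears to reject any username whose last letters happen to spell an extension even when there is no dot, while a name such as `profile.HTML` passes; whether the second case matters depends on how routing and username lookup treat case, which this page does not show. Consider `Mime::EXTENSION_LOOKUP.keys.none? { |type| username.downcase.end_with?(".#{type}") }`, and add a one-line comment above the method stating why extension-like usernames are refused.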
@@ -387,6 +387,19 @@ RSpec.describe User do
 expect(user.errors.full_messages).to eq(['Username has already been taken'])
 end
 end
+
+ it 'validates format' do
+ Mime::EXTENSION_LOOKUP.keys.each do |type|
+ user = build(:user, username: "test.#{type}")
+
+ expect(user).not_to be_valid
+ expect(user.errors.full_messages).to include('Username ending with MIME type format is not allowed.')
+ end
+ end
+
+ it 'validates format on updated record' do
+ expect(create(:user).update(username: 'profile.html')).to be_falsey
+ end
 end
 it 'has a DB-level NOT NULL constraint on projects_limit' do
diff --git a/spec/requests/api/projects_spec.rb b/spec/requests/api/projects_spec.rb
index e7e26c34a83..529a75af122 100644
--- a/spec/requests/api/projects_spec.rb
+++ b/spec/requests/api/projects_spec.rb
@@ -56,7 +56,7 @@ RSpec.describe API::Projects do
 let_it_be(:project, reload: true) { create(:project, :repository, create_branch: 'something_else', namespace: user.namespace) }
 let_it_be(:project2, reload: true) { create(:project, namespace: user.namespace) }
 let_it_be(:project_member) { create(:project_member, :developer, user: user3, project: project) }
- let_it_be(:user4) { create(:user, username: 'user.with.dot') }
+ let_it_be(:user4) { create(:user, username: 'user.withdot') }
 let_it_be(:project3, reload: true) do
 create(:project, :private,
diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb
index a9231b65c8f..d724cb9612c 100644
--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -4,7 +4,7 @@ require 'spec_helper'
 RSpec.describe API::Users do
 let_it_be(:admin) { create(:admin) }
- let_it_be(:user, reload: true) { create(:user, username: 'user.with.dot') }
+ let_it_be(:user, reload: true) { create(:user, username: 'user.withdot') }
 let_it_be(:key) { create(:key, user: user) }
 let_it_be(:gpg_key) { create(:gpg_key, user: user) }
 let_it_be(:email) { create(:email, user: user) } |
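Review bot: Both new examples in the `user_spec.rb` hunk use a lowercase name with a dot before the extension (`"test.#{type}"` and `'profile.html'`), so nothing pins down the behaviour for a name that ends in the same letters without a dot, or for an upper-case extension. Adding one positive and one mixed-case example would make the intended boundary explicit, for example `expect(build(:user, username: 'testhtml')).to be_valid` and `expect(build(:user, username: 'test.HTML')).not_to be_valid` (constructed names; the expected outcomes are inferred and should be confirmed against the intended rule). The enclosing `describe` block starts outside this hunk.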