summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--app/models/user.rb7
-rw-r--r--locale/gitlab.pot3
-rw-r--r--spec/models/user_spec.rb13
-rw-r--r--spec/requests/api/projects_spec.rb2
-rw-r--r--spec/requests/api/users_spec.rb2
5 files changed, 25 insertions, 2 deletions
diff --git a/app/models/user.rb b/app/models/user.rb
index 3879eb51371..52bf9149ee2 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -236,6 +236,7 @@ class User < ApplicationRecord
validate :owns_commit_email, if: :commit_email_changed?
validate :signup_domain_valid?, on: :create, if: ->(user) { !user.created_by_id }
validate :check_email_restrictions, on: :create, if: ->(user) { !user.created_by_id }
+ validate :check_username_format, if: :username_changed?
validates :theme_id, allow_nil: true, inclusion: { in: Gitlab::Themes.valid_ids,
message: _("%{placeholder} is not a valid theme") % { placeholder: '%{value}' } }
@@ -2093,6 +2094,12 @@ class User < ApplicationRecord
end
end
+ def check_username_format
+ return if username.blank? || Mime::EXTENSION_LOOKUP.keys.none? { |type| username.end_with?(type) }
+
+ errors.add(:username, _('ending with MIME type format is not allowed.'))
+ end
+
def groups_with_developer_maintainer_project_access
project_creation_levels = [::Gitlab::Access::DEVELOPER_MAINTAINER_PROJECT_ACCESS]
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index b82dc3d5259..feb3d972d2a 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -38542,6 +38542,9 @@ msgstr ""
msgid "encrypted: needs to be a :required, :optional or :migrating!"
msgstr ""
+msgid "ending with MIME type format is not allowed."
+msgstr ""
+
msgid "entries cannot be larger than 255 characters"
msgstr ""
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index dc78ec2be21..2185df0609e 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -387,6 +387,19 @@ RSpec.describe User do
expect(user.errors.full_messages).to eq(['Username has already been taken'])
end
end
+
+ it 'validates format' do
+ Mime::EXTENSION_LOOKUP.keys.each do |type|
+ user = build(:user, username: "test.#{type}")
+
+ expect(user).not_to be_valid
+ expect(user.errors.full_messages).to include('Username ending with MIME type format is not allowed.')
+ end
+ end
+
+ it 'validates format on updated record' do
+ expect(create(:user).update(username: 'profile.html')).to be_falsey
+ end
end
it 'has a DB-level NOT NULL constraint on projects_limit' do
diff --git a/spec/requests/api/projects_spec.rb b/spec/requests/api/projects_spec.rb
index e7e26c34a83..529a75af122 100644
--- a/spec/requests/api/projects_spec.rb
+++ b/spec/requests/api/projects_spec.rb
@@ -56,7 +56,7 @@ RSpec.describe API::Projects do
let_it_be(:project, reload: true) { create(:project, :repository, create_branch: 'something_else', namespace: user.namespace) }
let_it_be(:project2, reload: true) { create(:project, namespace: user.namespace) }
let_it_be(:project_member) { create(:project_member, :developer, user: user3, project: project) }
- let_it_be(:user4) { create(:user, username: 'user.with.dot') }
+ let_it_be(:user4) { create(:user, username: 'user.withdot') }
let_it_be(:project3, reload: true) do
create(:project,
:private,
diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb
index a9231b65c8f..d724cb9612c 100644
--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -4,7 +4,7 @@ require 'spec_helper'
RSpec.describe API::Users do
let_it_be(:admin) { create(:admin) }
- let_it_be(:user, reload: true) { create(:user, username: 'user.with.dot') }
+ let_it_be(:user, reload: true) { create(:user, username: 'user.withdot') }
let_it_be(:key) { create(:key, user: user) }
let_it_be(:gpg_key) { create(:gpg_key, user: user) }
let_it_be(:email) { create(:email, user: user) }