From e7e577dd6e82d9b6ae3afa799a56953d0468deea Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Mon, 30 Jul 2018 22:29:52 +0200 Subject: [PATCH] Enforce username format for remote users, too (#8102) Initially I thought there might be valid reasons for remote users to have a different, unpredicted username format. However, I now realize such a difference would be unusable and unexpected within Mastodon. Fix #8058 --- app/models/account.rb | 1 + spec/models/account_spec.rb | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/app/models/account.rb b/app/models/account.rb index 1f720bf88..0272b4615 100644 --- a/app/models/account.rb +++ b/app/models/account.rb @@ -68,6 +68,7 @@ class Account < ApplicationRecord # Remote user validations validates :username, uniqueness: { scope: :domain, case_sensitive: true }, if: -> { !local? && will_save_change_to_username? } + validates :username, format: { with: /\A#{USERNAME_RE}\z/i }, if: -> { !local? && will_save_change_to_username? } # Local user validations validates :username, format: { with: /\A[a-z0-9_]+\z/i }, length: { maximum: 30 }, if: -> { local? && will_save_change_to_username? } diff --git a/spec/models/account_spec.rb b/spec/models/account_spec.rb index c50791bcd..ec01026db 100644 --- a/spec/models/account_spec.rb +++ b/spec/models/account_spec.rb @@ -618,10 +618,10 @@ RSpec.describe Account, type: :model do expect(account).not_to model_have_error_on_field(:username) end - it 'is valid even if the username doesn\'t only contains letters, numbers and underscores' do + it 'is invalid if the username doesn\'t only contains letters, numbers and underscores' do account = Fabricate.build(:account, domain: 'domain', username: 'the-doctor') account.valid? - expect(account).not_to model_have_error_on_field(:username) + expect(account).to model_have_error_on_field(:username) end it 'is valid even if the username is longer then 30 characters' do