Merge pull request #4218 from AntonKhorev/no-user-id-renames

Disallow username changes to user_n if n isn't their id
2024-01-18 10:47:17 +00:00 · 2024-01-18 10:47:17 +00:00 · 7406ae5dcc
commit 7406ae5dcc
parent 0b05f47016 0a21080192
4 changed files with 39 additions and 1 deletions
--- a/.rubocop_todo.yml
+++ b/.rubocop_todo.yml
@ -66,7 +66,7 @@ Metrics/BlockNesting:
 # Offense count: 26
 # Configuration parameters: CountComments, CountAsOne.
 Metrics/ClassLength:
-  Max: 299
+  Max: 305

 # Offense count: 59
 # Configuration parameters: AllowedMethods, AllowedPatterns.
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -100,6 +100,7 @@ class User < ApplicationRecord
  validates :display_name, :if => proc { |u| u.display_name_changed? },
                           :characters => { :url_safe => true },
                           :whitespace => { :leading => false, :trailing => false }
+  validate :display_name_cannot_be_user_id_with_other_id, :if => proc { |u| u.display_name_changed? }
  validates :email, :presence => true, :confirmation => true, :characters => true
  validates :email, :if => proc { |u| u.email_changed? },
                    :uniqueness => { :case_sensitive => false }
@ -124,6 +125,12 @@ class User < ApplicationRecord
  before_save :update_tile
  after_save :spam_check

+  def display_name_cannot_be_user_id_with_other_id
+    display_name&.match(/^user_(\d+)$/i) do |m|
+      errors.add :display_name, I18n.t("activerecord.errors.messages.display_name_is_user_n") unless m[1].to_i == id
+    end
+  end
+
  def to_param
    display_name
  end
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@ -40,6 +40,7 @@ en:
      messages:
        invalid_email_address: does not appear to be a valid e-mail address
        email_address_not_routable: is not routable
+        display_name_is_user_n: can't be user_n unless n is your user id
      models:
        user_mute:
          attributes:
--- a/test/models/user_test.rb
+++ b/test/models/user_test.rb
@ -94,6 +94,36 @@ class UserTest < ActiveSupport::TestCase
    end
  end

+  def test_display_name_user_id_new
+    existing_user = create(:user)
+    user = build(:user)
+
+    user.display_name = "user_#{existing_user.id}"
+    assert_not user.valid?, "user_<id> name is valid for existing user id when it shouldn't be"
+
+    user.display_name = "user_#{existing_user.id + 1}"
+    assert_not user.valid?, "user_<id> name is valid for new user id when it shouldn't be"
+  end
+
+  def test_display_name_user_id_rename
+    existing_user = create(:user)
+    user = create(:user)
+
+    user.display_name = "user_#{existing_user.id}"
+    assert_not user.valid?, "user_<id> name is valid for existing user id when it shouldn't be"
+
+    user.display_name = "user_#{user.id}"
+    assert_predicate user, :valid?, "user_<id> name is invalid for own id, when it should be"
+  end
+
+  def test_display_name_user_id_unchanged_is_valid
+    user = build(:user, :display_name => "user_0")
+    user.save(:validate => false)
+    user.reload
+
+    assert_predicate user, :valid?, "user_0 display_name is invalid but it hasn't been changed"
+  end
+
  def test_friends_with
    alice = create(:user, :active)
    bob = create(:user, :active)