]> git.openstreetmap.org Git - rails.git/commitdiff
projects / rails.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw (from parent 1: 0b05f47)
Merge pull request #4218 from AntonKhorev/no-user-id-renames
authorAndy Allan <git@gravitystorm.co.uk>
Thu, 18 Jan 2024 10:47:17 +0000 (10:47 +0000)
committerGitHub <noreply@github.com>
Thu, 18 Jan 2024 10:47:17 +0000 (10:47 +0000)
Disallow username changes to user_n if n isn't their id

.rubocop_todo.yml patch | blob | history
app/models/user.rb patch | blob | history
config/locales/en.yml patch | blob | history
test/models/user_test.rb patch | blob | history

diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml
index 8a196f52e0317b45cc56b4c4ca856e4d353efa97..9874aa3793a18cb1e65b2e9f7374ce6eabeeaeee 100644 (file)
--- a/.rubocop_todo.yml
+++ b/.rubocop_todo.yml
@@ -66,7 +66,7 @@ Metrics/BlockNesting:
 # Offense count: 26
 # Configuration parameters: CountComments, CountAsOne.
 Metrics/ClassLength:
-  Max: 299
+  Max: 305
 
 # Offense count: 59
 # Configuration parameters: AllowedMethods, AllowedPatterns.
diff --git a/app/models/user.rb b/app/models/user.rb
index b04f8e2b914c274babd1d9aec55c5f85ce4705e7..7ca7b7a3b5294a220a201034121987432f76ae92 100644 (file)
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -100,6 +100,7 @@ class User < ApplicationRecord
   validates :display_name, :if => proc { |u| u.display_name_changed? },
                            :characters => { :url_safe => true },
                            :whitespace => { :leading => false, :trailing => false }
+  validate :display_name_cannot_be_user_id_with_other_id, :if => proc { |u| u.display_name_changed? }
   validates :email, :presence => true, :confirmation => true, :characters => true
   validates :email, :if => proc { |u| u.email_changed? },
                     :uniqueness => { :case_sensitive => false }
@@ -124,6 +125,12 @@ class User < ApplicationRecord
   before_save :update_tile
   after_save :spam_check
 
+  def display_name_cannot_be_user_id_with_other_id
+    display_name&.match(/^user_(\d+)$/i) do |m|
+      errors.add :display_name, I18n.t("activerecord.errors.messages.display_name_is_user_n") unless m[1].to_i == id
+    end
+  end
+
   def to_param
     display_name
   end
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 653e363a67bcfb6d39927c5df0c99457a4e09192..ca22de9bde23f9c723608dabf6feb4b02ad679c3 100644 (file)
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -40,6 +40,7 @@ en:
       messages:
         invalid_email_address: does not appear to be a valid e-mail address
         email_address_not_routable: is not routable
+        display_name_is_user_n: can't be user_n unless n is your user id
       models:
         user_mute:
           attributes:
diff --git a/test/models/user_test.rb b/test/models/user_test.rb
index d21512f2a1861d317c13664f5ebcbc7ef17d3f39..42949504f633925b8a6473cd203972ab944d9a71 100644 (file)
--- a/test/models/user_test.rb
+++ b/test/models/user_test.rb
@@ -94,6 +94,36 @@ class UserTest < ActiveSupport::TestCase
     end
   end
 
+  def test_display_name_user_id_new
+    existing_user = create(:user)
+    user = build(:user)
+
+    user.display_name = "user_#{existing_user.id}"
+    assert_not user.valid?, "user_<id> name is valid for existing user id when it shouldn't be"
+
+    user.display_name = "user_#{existing_user.id + 1}"
+    assert_not user.valid?, "user_<id> name is valid for new user id when it shouldn't be"
+  end
+
+  def test_display_name_user_id_rename
+    existing_user = create(:user)
+    user = create(:user)
+
+    user.display_name = "user_#{existing_user.id}"
+    assert_not user.valid?, "user_<id> name is valid for existing user id when it shouldn't be"
+
+    user.display_name = "user_#{user.id}"
+    assert_predicate user, :valid?, "user_<id> name is invalid for own id, when it should be"
+  end
+
+  def test_display_name_user_id_unchanged_is_valid
+    user = build(:user, :display_name => "user_0")
+    user.save(:validate => false)
+    user.reload
+
+    assert_predicate user, :valid?, "user_0 display_name is invalid but it hasn't been changed"
+  end
+
   def test_friends_with
     alice = create(:user, :active)
     bob = create(:user, :active)
The OpenStreetMap web site