Merge pull request #3585 from riking/patch-3

FEATURE: Reserved usernames
2024-11-29 20:24:05 -06:00 · 2015-07-03 10:02:24 -04:00 · 2015-07-03 10:02:24 -04:00 · be664857be
commit be664857be
parent 7676c5dfe7 df988a20eb
4 changed files with 17 additions and 0 deletions
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -231,6 +231,10 @@ class UsersController < ApplicationController
      return fail_with("login.password_too_long")
    end

+    if SiteSetting.reserved_usernames.include? params[:username].downcase
+      return fail_with("login.reserved_username")
+    end
+
    user = User.new(user_params)

    # Handle custom fields
--- a/config/locales/server.en.yml
+++ b/config/locales/server.en.yml
@ -887,6 +887,8 @@ en:
    min_username_length: "Minimum username length in characters. WARNING: ANY EXISTING USERS WITH NAMES SHORTER THAN THIS WILL BE UNABLE TO ACCESS THE SITE."
    max_username_length: "Maximum username length in characters. WARNING: ANY EXISTING USERS WITH NAMES LONGER THAN THIS WILL BE UNABLE TO ACCESS THE SITE."

+    reserved_usernames: "Usernames for which signup is not allowed."
+
    min_password_length: "Minimum password length."
    block_common_passwords: "Don't allow passwords that are in the 10,000 most common passwords."

@ -1288,6 +1290,7 @@ en:
    omniauth_error_unknown: "Something went wrong processing your log in, please try again."
    new_registrations_disabled: "New account registrations are not allowed at this time."
    password_too_long: "Passwords are limited to 200 characters."
+    reserved_username: "That username is not allowed."
    missing_user_field: "You have not completed all the user fields"
    close_window: "Authentication is complete. Close this window to continue."

--- a/config/site_settings.yml
+++ b/config/site_settings.yml
@ -263,6 +263,9 @@ users:
    default: 20
    min: 8
    max: 60
+  reserved_usernames:
+    type: list
+    default: "admin|moderator|administrator|mod|sys|system|community|info|you|name|username|user|nickname|discourse|discourseorg|discourseforum"
  min_password_length:
    client: true
    default: 8
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@ -600,6 +600,13 @@ describe UsersController do
      include_examples 'failed signup'
    end

+    context 'with a reserved username' do
+      let(:create_params) { {name: @user.name, username: 'Reserved', email: @user.email, password: "x" * 20} }
+      before { SiteSetting.reserved_usernames = 'a|reserved|b' }
+      after { SiteSetting.reserved_usernames = nil }
+      include_examples 'failed signup'
+    end
+
    context 'when an Exception is raised' do
      [ ActiveRecord::StatementInvalid,
        RestClient::Forbidden ].each do |exception|