FIX: Fix routes ending in :username for usernames containing periods (#6660)

2024-11-23 01:47:22 +08:00 · 2018-11-23 17:41:41 +00:00 · 2018-11-23 17:41:41 +00:00 · a3ed570124
commit a3ed570124
parent 5142911012
4 changed files with 38 additions and 17 deletions
--- a/config/routes.rb
+++ b/config/routes.rb
@ -386,7 +386,7 @@ Discourse::Application.routes.draw do
    get "#{root_path}/:username/messages/tags/:tag_id" => "user_actions#private_messages", constraints: StaffConstraint.new
    get "#{root_path}/:username.json" => "users#show", constraints: { username: RouteFormat.username }, defaults: { format: :json }
    get({ "#{root_path}/:username" => "users#show", constraints: { username: RouteFormat.username, format: /(json|html)/ } }.merge(index == 1 ? { as: 'user' } : {}))
-    put "#{root_path}/:username" => "users#update", constraints: { username: RouteFormat.username }, defaults: { format: :json }
+    put "#{root_path}/:username" => "users#update", constraints: { username: RouteFormat.username, format: /(json|html)/ }, defaults: { format: :json }
    get "#{root_path}/:username/emails" => "users#check_emails", constraints: { username: RouteFormat.username }
    get({ "#{root_path}/:username/preferences" => "users#preferences", constraints: { username: RouteFormat.username } }.merge(index == 1 ? { as: :email_preferences } : {}))
    get "#{root_path}/:username/preferences/email" => "users_email#index", constraints: { username: RouteFormat.username }
@ -427,7 +427,7 @@ Discourse::Application.routes.draw do
    get "#{root_path}/:username/notifications" => "users#show", constraints: { username: RouteFormat.username }
    get "#{root_path}/:username/notifications/:filter" => "users#show", constraints: { username: RouteFormat.username }
    get "#{root_path}/:username/activity/pending" => "users#show", constraints: { username: RouteFormat.username }
-    delete "#{root_path}/:username" => "users#destroy", constraints: { username: RouteFormat.username }
+    delete "#{root_path}/:username" => "users#destroy", constraints: { username: RouteFormat.username, format: /(json|html)/ }
    get "#{root_path}/by-external/:external_id" => "users#show", constraints: { external_id: /[^\/]+/ }
    get "#{root_path}/:username/flagged-posts" => "users#show", constraints: { username: RouteFormat.username }
    get "#{root_path}/:username/deleted-posts" => "users#show", constraints: { username: RouteFormat.username }
@ -436,7 +436,7 @@ Discourse::Application.routes.draw do
  end

  get "user-badges/:username.json" => "user_badges#username", constraints: { username: RouteFormat.username }, defaults: { format: :json }
-  get "user-badges/:username" => "user_badges#username", constraints: { username: RouteFormat.username }
+  get "user-badges/:username" => "user_badges#username", constraints: { username: RouteFormat.username, format: /(json|html)/ }

  post "user_avatar/:username/refresh_gravatar" => "user_avatars#refresh_gravatar", constraints: { username: RouteFormat.username }
  get "letter_avatar/:username/:size/:version.png" => "user_avatars#show_letter", format: false, constraints: { hostname: /[\w\.-]+/, size: /\d+/, username: RouteFormat.username }
@ -641,11 +641,11 @@ Discourse::Application.routes.draw do
  get "topics/feature_stats"

  scope "/topics", username: RouteFormat.username do
-    get "created-by/:username" => "list#topics_by", as: "topics_by"
-    get "private-messages/:username" => "list#private_messages", as: "topics_private_messages"
-    get "private-messages-sent/:username" => "list#private_messages_sent", as: "topics_private_messages_sent"
-    get "private-messages-archive/:username" => "list#private_messages_archive", as: "topics_private_messages_archive"
-    get "private-messages-unread/:username" => "list#private_messages_unread", as: "topics_private_messages_unread"
+    get "created-by/:username" => "list#topics_by", as: "topics_by", constraints: { format: /(json|html)/ }, defaults: { format: :json }
+    get "private-messages/:username" => "list#private_messages", as: "topics_private_messages", constraints: { format: /(json|html)/ }, defaults: { format: :json }
+    get "private-messages-sent/:username" => "list#private_messages_sent", as: "topics_private_messages_sent", constraints: { format: /(json|html)/ }, defaults: { format: :json }
+    get "private-messages-archive/:username" => "list#private_messages_archive", as: "topics_private_messages_archive", constraints: { format: /(json|html)/ }, defaults: { format: :json }
+    get "private-messages-unread/:username" => "list#private_messages_unread", as: "topics_private_messages_unread", constraints: { format: /(json|html)/ }, defaults: { format: :json }
    get "private-messages-tags/:username/:tag_id.json" => "list#private_messages_tag", as: "topics_private_messages_tag", constraints: StaffConstraint.new
    get "groups/:group_name" => "list#group_topics", as: "group_topics", group_name: RouteFormat.username

--- a/spec/requests/list_controller_spec.rb
+++ b/spec/requests/list_controller_spec.rb
@ -466,6 +466,14 @@ RSpec.describe ListController do
      json = JSON.parse(response.body)
      expect(json["topic_list"]["topics"].size).to eq(1)
    end
+
+    it "should work with period in username" do
+      user.update!(username: "myname.test")
+      get "/topics/created-by/#{user.username}", xhr: true
+      expect(response.status).to eq(200)
+      json = JSON.parse(response.body)
+      expect(json["topic_list"]["topics"].size).to eq(1)
+    end
  end

  describe "private_messages" do
--- a/spec/requests/user_badges_controller_spec.rb
+++ b/spec/requests/user_badges_controller_spec.rb
@ -42,6 +42,15 @@ describe UserBadgesController do
      expect(parsed["user_badges"].length).to eq(1)
    end

+    it 'returns user_badges for a user with period in username' do
+      user.update!(username: "myname.test")
+      get "/user-badges/#{user.username}", xhr: true
+
+      expect(response.status).to eq(200)
+      parsed = JSON.parse(response.body)
+      expect(parsed["user_badges"].length).to eq(1)
+    end
+
    it 'returns user_badges for a badge' do
      get "/user_badges.json", params: { badge_id: badge.id }

--- a/spec/requests/users_controller_spec.rb
+++ b/spec/requests/users_controller_spec.rb
@ -1429,21 +1429,14 @@ describe UsersController do
      before do
        sign_in(user)
      end
-      let(:user) { Fabricate(:user) }
+      let(:user) { Fabricate(:user, username: 'test.test', name: "Test User") }

      it "should be able to update a user" do
-        put "/u/#{user.username}.json", params: { name: 'test.test' }
+        put "/u/#{user.username}", params: { name: 'test.test' }

        expect(response.status).to eq(200)
        expect(user.reload.name).to eq('test.test')
      end
-
-      it "should be able to update a user" do
-        put "/u/#{user.username}.json", params: { name: 'testing123' }
-
-        expect(response.status).to eq(200)
-        expect(user.reload.name).to eq('testing123')
-      end
    end

    context "as a staff user" do
@ -2027,6 +2020,17 @@ describe UsersController do
    end
  end

+  describe "for user with period in username" do
+    let(:user_with_period) { Fabricate(:user, username: "myname.test") }
+
+    it "still works" do
+      sign_in(user_with_period)
+      UserDestroyer.any_instance.expects(:destroy).with(user_with_period, anything).returns(user_with_period)
+      delete "/u/#{user_with_period.username}", xhr: true
+      expect(response.status).to eq(200)
+    end
+  end
+
  describe '#my_redirect' do
    it "redirects if the user is not logged in" do
      get "/my/wat.json"