From df988a20eb1a3282413538d0e5a060eaa0fcc074 Mon Sep 17 00:00:00 2001
From: Kane York
Date: Wed, 1 Jul 2015 13:44:53 -0700
Subject: [PATCH] FEATURE: Reserved usernames A list of usernames that will be blocked from being used to sign up.
---
app/controllers/users_controller.rb | 4 ++++
config/locales/server.en.yml | 3 +++
config/site_settings.yml | 3 +++
spec/controllers/users_controller_spec.rb | 7 +++++++
4 files changed, 17 insertions(+)
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index ad0b3699fcb..92588d9ca9e 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -231,6 +231,10 @@ class UsersController < ApplicationController return fail_with("login.password_too_long") end + if SiteSetting.reserved_usernames.include? params[:username].downcase + return fail_with("login.reserved_username") + end + user = User.new(user_params) # Handle custom fields
diff --git a/config/locales/server.en.yml b/config/locales/server.en.yml
index 6e0d42b25db..a0d42d9f269 100644
--- a/config/locales/server.en.yml
+++ b/config/locales/server.en.yml
@@ -886,6 +886,8 @@ en: min_username_length: "Minimum username length in characters. WARNING: ANY EXISTING USERS WITH NAMES SHORTER THAN THIS WILL BE UNABLE TO ACCESS THE SITE." max_username_length: "Maximum username length in characters. WARNING: ANY EXISTING USERS WITH NAMES LONGER THAN THIS WILL BE UNABLE TO ACCESS THE SITE." + reserved_usernames: "Usernames for which signup is not allowed." + min_password_length: "Minimum password length." block_common_passwords: "Don't allow passwords that are in the 10,000 most common passwords."
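Review bot: In users_controller.rb, the added condition `SiteSetting.reserved_usernames.include? params[:username].downcase` looks like a substring test rather than a list-membership test. The spec in this patch assigns the setting as the pipe-delimited string `'a|reserved|b'`, and if the getter returns that string unchanged, `String#include?` also rejects any name that merely occurs inside the value (for example `min` inside `admin`). The same line raises `NoMethodError` when `username` is missing or not a string, unless a guard earlier in the action (outside this hunk) rules that out. Splitting and coercing first addresses both: `if SiteSetting.reserved_usernames.split("|").include?(params[:username].to_s.downcase)`. Because the check sits only in this controller action, whose body starts and ends outside the hunk, any other code path that assigns a username would not be covered; a validation on the model would be the more complete place for it.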
@@ -1287,6 +1289,7 @@ en: omniauth_error_unknown: "Something went wrong processing your log in, please try again." new_registrations_disabled: "New account registrations are not allowed at this time." password_too_long: "Passwords are limited to 200 characters." + reserved_username: "That username is not allowed." missing_user_field: "You have not completed all the user fields" close_window: "Authentication is complete. Close this window to continue."
diff --git a/config/site_settings.yml b/config/site_settings.yml
index ab50ecfd4ff..15b18b07cab 100644
--- a/config/site_settings.yml
+++ b/config/site_settings.yml
@@ -263,6 +263,9 @@ users: default: 20 min: 8 max: 60 + reserved_usernames: + type: list + default: "admin|moderator|administrator|mod|sys|system|community|info|you|name|username|user|nickname|discourse|discourseorg|discourseforum" min_password_length: client: true default: 8
diff --git a/spec/controllers/users_controller_spec.rb b/spec/controllers/users_controller_spec.rb
index cf657684eaf..0103bb26fe1 100644
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@@ -600,6 +600,13 @@ describe UsersController do include_examples 'failed signup' end + context 'with a reserved username' do + let(:create_params) { {name: @user.name, username: 'Reserved', email: @user.email, password: "x" * 20} } + before { SiteSetting.reserved_usernames = 'a|reserved|b' } + after { SiteSetting.reserved_usernames = nil } + include_examples 'failed signup' + end + context 'when an Exception is raised' do [ ActiveRecord::StatementInvalid, RestClient::Forbidden ].each do |exception|
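Review bot: In users_controller_spec.rb, the new context covers only a case-insensitive exact hit (`'Reserved'` against `'a|reserved|b'`), so it would still pass if the controller rejected names that only partially match a reserved entry. A companion context whose username is a fragment of a list entry, and which expects the signup to succeed, would pin exact-match behaviour and catch over-blocking. The enclosing `describe` block continues outside the hunk, so the name of the success examples to include has to come from the rest of the file.

```ruby
context 'with a username that is only part of a reserved one' do
  let(:create_params) { {name: @user.name, username: 'reserve', email: @user.email, password: "x" * 20} }
  before { SiteSetting.reserved_usernames = 'a|reserved|b' }
  after { SiteSetting.reserved_usernames = nil }
  # … assert a successful signup with the success examples this spec file already uses …
end
```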