mirror of
https://github.com/discourse/discourse.git
synced 2024-11-23 02:19:27 +08:00
75e40baa64
* FIX: min/max username length limits weren't validated
The custom validators introduced in e0d7cda
made so we ignored the mix
and max values set on site_settings.yml. That change allowed admins to
set values outside of the range defined on the yaml file.
Related to https://meta.discourse.org/t/group-names-with-more-than-60-characters-broken/232115?u=falco
Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
30 lines
842 B
Ruby
30 lines
842 B
Ruby
# frozen_string_literal: true
|
|
|
|
class MaxUsernameLengthValidator
|
|
MAX_USERNAME_LENGTH_RANGE = 8..60
|
|
|
|
def initialize(opts = {})
|
|
@opts = opts
|
|
end
|
|
|
|
def valid_value?(value)
|
|
if !MAX_USERNAME_LENGTH_RANGE.cover?(value)
|
|
@max_range_violation = true
|
|
return false
|
|
end
|
|
return false if value < SiteSetting.min_username_length
|
|
@username = User.where('length(username) > ?', value).pluck_first(:username)
|
|
@username.blank?
|
|
end
|
|
|
|
def error_message
|
|
if @max_range_violation
|
|
I18n.t('site_settings.errors.invalid_integer_min_max', min: MAX_USERNAME_LENGTH_RANGE.begin, max: MAX_USERNAME_LENGTH_RANGE.end)
|
|
elsif @username.blank?
|
|
I18n.t("site_settings.errors.max_username_length_range")
|
|
else
|
|
I18n.t("site_settings.errors.max_username_length_exists", username: @username)
|
|
end
|
|
end
|
|
end
|