discourse/lib/validators/min_username_length_validator.rb
Rafael dos Santos Silva 75e40baa64
FIX: min/max username length limits weren't validated (#17382)
* FIX: min/max username length limits weren't validated

The custom validators introduced in e0d7cda made so we ignored the mix
and max values set on site_settings.yml. That change allowed admins to
set values outside of the range defined on the yaml file.

Related to https://meta.discourse.org/t/group-names-with-more-than-60-characters-broken/232115?u=falco

Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2022-07-08 12:00:47 -03:00

30 lines
843 B
Ruby

# frozen_string_literal: true
class MinUsernameLengthValidator
MIN_USERNAME_LENGTH_RANGE = 1..60
def initialize(opts = {})
@opts = opts
end
def valid_value?(value)
if !MIN_USERNAME_LENGTH_RANGE.cover?(value)
@min_range_violation = true
return false
end
return false if value > SiteSetting.max_username_length
@username = User.where('length(username) < ?', value).pluck_first(:username)
@username.blank?
end
def error_message
if @min_length_violation
I18n.t('site_settings.errors.invalid_integer_min_max', min: MIN_USERNAME_LENGTH_RANGE.begin, max: MIN_USERNAME_LENGTH_RANGE.end)
elsif @username.blank?
I18n.t("site_settings.errors.min_username_length_range")
else
I18n.t("site_settings.errors.min_username_length_exists", username: @username)
end
end
end