users: lock out users with invalid names until they change their name.

Forcibly redirect users to the name change page if their name is invalid. This means user with invalid names can't do anything or view any pages until they change their name. API requests are still allowed.
2022-03-07 04:21:17 -06:00
parent 1028bb1c71
commit 525acd17a5
3 changed files with 12 additions and 3 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -15,6 +15,7 @@ class ApplicationController < ActionController::Base
  before_action :set_variant
  before_action :add_headers
  before_action :cause_error
+  before_action :redirect_if_name_invalid?
  after_action :skip_session_if_publicly_cached
  after_action :reset_current_user
  layout "default"
@@ -198,6 +199,13 @@ class ApplicationController < ActionController::Base
    render_error_page(status, error)
  end

+  def redirect_if_name_invalid?
+    if request.format.html? && CurrentUser.user.name_invalid?
+      flash[:notice] = "You must change your username to continue using #{Danbooru.config.app_name}"
+      redirect_to new_user_name_change_request_path
+    end
+  end
+
  def ip_ban_check
    raise User::PrivilegeError if !request.get? && IpBan.hit!(:full, CurrentUser.ip_addr)
  end
--- a/app/controllers/user_name_change_requests_controller.rb
+++ b/app/controllers/user_name_change_requests_controller.rb
@@ -3,6 +3,8 @@
 class UserNameChangeRequestsController < ApplicationController
  respond_to :html, :json, :xml

+  skip_before_action :redirect_if_name_invalid?
+
  def new
    @change_request = authorize UserNameChangeRequest.new(permitted_attributes(UserNameChangeRequest))
    respond_with(@change_request)
--- a/test/functional/application_controller_test.rb
+++ b/test/functional/application_controller_test.rb
@@ -76,13 +76,12 @@ class ApplicationControllerTest < ActionDispatch::IntegrationTest
    end

    context "when a user has an invalid username" do
-      should "show a warning banner" do
+      should "redirect to the name change page" do
        @user = create(:user)
        @user.update_columns(name: "foo__bar")

        get_auth posts_path, @user
-        assert_response :success
-        assert_select "#invalid-name-notice"
+        assert_redirected_to new_user_name_change_request_path
      end
    end