From 525acd17a5cb78fd88209a8450cd5e4eb4edf829 Mon Sep 17 00:00:00 2001
From: evazion <noizave@gmail.com>
Date: Mon, 7 Mar 2022 04:21:17 -0600
Subject: [PATCH] users: lock out users with invalid names until they change
 their name.

Forcibly redirect users to the name change page if their name is
invalid. This means user with invalid names can't do anything or view
any pages until they change their name. API requests are still allowed.
---
 app/controllers/application_controller.rb               | 8 ++++++++
 app/controllers/user_name_change_requests_controller.rb | 2 ++
 test/functional/application_controller_test.rb          | 5 ++---
 3 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index d7bb63f6d..9012b2d09 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -15,6 +15,7 @@ class ApplicationController < ActionController::Base
   before_action :set_variant
   before_action :add_headers
   before_action :cause_error
+  before_action :redirect_if_name_invalid?
   after_action :skip_session_if_publicly_cached
   after_action :reset_current_user
   layout "default"
@@ -198,6 +199,13 @@ class ApplicationController < ActionController::Base
     render_error_page(status, error)
   end
 
+  def redirect_if_name_invalid?
+    if request.format.html? && CurrentUser.user.name_invalid?
+      flash[:notice] = "You must change your username to continue using #{Danbooru.config.app_name}"
+      redirect_to new_user_name_change_request_path
+    end
+  end
+
   def ip_ban_check
     raise User::PrivilegeError if !request.get? && IpBan.hit!(:full, CurrentUser.ip_addr)
   end
diff --git a/app/controllers/user_name_change_requests_controller.rb b/app/controllers/user_name_change_requests_controller.rb
index 4beda8c0b..8953f91b8 100644
--- a/app/controllers/user_name_change_requests_controller.rb
+++ b/app/controllers/user_name_change_requests_controller.rb
@@ -3,6 +3,8 @@
 class UserNameChangeRequestsController < ApplicationController
   respond_to :html, :json, :xml
 
+  skip_before_action :redirect_if_name_invalid?
+
   def new
     @change_request = authorize UserNameChangeRequest.new(permitted_attributes(UserNameChangeRequest))
     respond_with(@change_request)
diff --git a/test/functional/application_controller_test.rb b/test/functional/application_controller_test.rb
index 8fa07e359..e9b49d302 100644
--- a/test/functional/application_controller_test.rb
+++ b/test/functional/application_controller_test.rb
@@ -76,13 +76,12 @@ class ApplicationControllerTest < ActionDispatch::IntegrationTest
     end
 
     context "when a user has an invalid username" do
-      should "show a warning banner" do
+      should "redirect to the name change page" do
         @user = create(:user)
         @user.update_columns(name: "foo__bar")
 
         get_auth posts_path, @user
-        assert_response :success
-        assert_select "#invalid-name-notice"
+        assert_redirected_to new_user_name_change_request_path
       end
     end