jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

users: add stricter username rules.

Browse Source 
Add stricter username rules:

* Only allow usernames to contain basic letters, numbers, CJK characters, underscores, dashes and periods.
* Don't allow names to start or end with punctuation.
* Don't allow names to have multiple underscores in a row.
* Don't allow active users to have names that look like deleted users (e.g. "user_1234").
* Don't allow emoji or any other Unicode characters except for Chinese, Japanese, and Korean
  characters. CJK characters are currently grandfathered in but will be disallowed in the future.

Users with an invalid name will be shown a permanent sitewide banner until they change their name.
This commit is contained in:
evazion
2022-03-05 00:46:49 -06:00
parent ca98e218a1
commit a160a3acce
7 changed files with 140 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
app/logical/user_name_validator.rb
View File

@@ -7,14 +7,33 @@
#
# @see https://guides.rubyonrails.org/active_record_validations.html#custom-validators
class UserNameValidator < ActiveModel::EachValidator
def validate_each(rec, attr, value)
name = value
ALLOWED_PUNCTUATION = "_.-" # All other punctuation characters are forbidden
rec.errors.add(attr, "already exists") if User.find_by_name(name).present?
rec.errors.add(attr, "must be more than 1 character long") if name.length <= 1
rec.errors.add(attr, "must be less than 25 characters long") if name.length >= 25
rec.errors.add(attr, "cannot have whitespace or colons") if name =~ /[[:space:]]|:/
rec.errors.add(attr, "cannot begin or end with an underscore") if name =~ /\A_|_\z/
rec.errors.add(attr, "is not allowed") if name =~ Regexp.union(Danbooru.config.user_name_blacklist)
def validate_each(rec, attr, name)
forbidden_characters = name.delete(ALLOWED_PUNCTUATION).chars.grep(/[[:punct:]]/).uniq
if rec.new_record? && User.find_by_name(name).present?
rec.errors.add(attr, "already exists")
elsif name.length <= 1
rec.errors.add(attr, "must be more than 1 character long")
elsif name.length >= 25
rec.errors.add(attr, "must be less than 25 characters long")
elsif name =~ /[[:space:]]/
rec.errors.add(attr, "can't contain whitespace")
elsif name =~ /\A[[:punct:]]/
rec.errors.add(attr, "can't start with '#{name.first}'")
elsif name =~ /[[:punct:]]\z/
rec.errors.add(attr, "can't end with '#{name.last}'")
elsif name =~ /__/
rec.errors.add(attr, "can't contain multiple underscores in a row")
elsif forbidden_characters.present?
rec.errors.add(attr, "can't contain #{forbidden_characters.map { |c| "'#{c}'" }.to_sentence}")
elsif name !~ /\A([a-zA-Z0-9]|\p{Han}|\p{Hangul}|\p{Hiragana}|\p{Katakana}|[#{ALLOWED_PUNCTUATION}])+\z/
rec.errors.add(attr, "must contain only basic letters or numbers")
elsif name =~ /\Auser_\d+\z/i
rec.errors.add(attr, "can't be the same as a deleted user")
elsif name =~ Regexp.union(Danbooru.config.user_name_blacklist)
rec.errors.add(attr, "is not allowed")
end
end
end

16
app/models/user.rb
View File

@@ -1,6 +1,8 @@
# frozen_string_literal: true
class User < ApplicationRecord
extend Memoist
class PrivilegeError < StandardError; end
module Levels
@@ -204,6 +206,18 @@ class User < ApplicationRecord
errors.add(:base, "Can't enable privacy mode without a Gold account")
end
end
def name_errors
User.validators_on(:name).each do |validator|
validator.validate_each(self, :name, name)
end
errors
end
def name_invalid?
name_errors.present?
end
end
concerning :AuthenticationMethods do
@@ -695,4 +709,6 @@ class User < ApplicationRecord
def self.available_includes
[:inviter]
end
memoize :name_errors
end

7
app/views/layouts/default.html.erb
View File

@@ -104,6 +104,13 @@
<%= render "users/dmail_notice" %>
<% end %>
<% if !CurrentUser.user.is_anonymous? && CurrentUser.user.name_invalid? %>
<div class="notice notice-error notice-large" id="invalid-name-notice">
<h2>Action required </h2>
<div>You must <%= link_to "change your username", new_user_name_change_request_path %> to continue using <%= Danbooru.config.canonical_app_name %>.</div>
</div>
<% end %>
<div class="notice notice-info" id="notice" style="<%= "display: none;" unless flash[:notice] %>">
<span class="prose"><%= format_text(flash[:notice], inline: true) %>.</span>
<a href="#" id="close-notice-link">close</a>

31
app/views/user_name_change_requests/new.html.erb
View File

@@ -1,13 +1,32 @@
<div id="c-user-name-change-requests">
<div id="a-new">
<h1>Name Change Request</h1>
<div id="a-new" class="fixed-width-container">
<h1>Change Name</h1>
<p>You can request a name change once per week. Your previous names will still
be visible on your profile to other Danbooru members, but they won't be visible
to search engines.</p>
<% if CurrentUser.user.name_invalid? %>
<p> Your current username is invalid. You must change your username to continue
using <%= Danbooru.config.canonical_app_name %>.</p>
<p>
Current name: <b><%= CurrentUser.user.name %></b>.<br>
Error: <%= CurrentUser.user.name_errors.full_messages.join(". ").html_safe %>.
</p>
<% end %>
<div class="prose mt-4 mb-4">
<h6>Rules</h6>
<ul>
<li>Names can contain only letters, numbers, underscore ('_'), period ('.'), and dash ('-') characters.</li>
<li>Names must start and end with a letter or number.</li>
<li>Names must be less than 25 characters long.</li>
<li>Names can't insult or impersonate other users.</li>
<li>Names are case-insensitive.</li>
<li>Your previous names will be visible on your profile to other Danbooru members, but they won't be visible to search engines.</li>
<li>You can't change your name more than once per week.</li>
</ul>
</div>
<%= edit_form_for(@change_request) do |f| %>
<%= f.input :desired_name, label: "Name" %>
<%= f.input :desired_name, label: "New name" %>
<%= f.input :desired_name_confirmation, label: "Confirm name" %>
<%= f.submit "Submit", "data-confirm": "Are you sure you want to change your name?" %>
<% end %>