jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
c133866cb7356616fb62fb99e2ce9be2e017ccc2
danbooru/app/logical/user_name_validator.rb
evazion c133866cb7 users: don't allow users to choose reserved names. 
Don't allow users to choose names that conflict with search syntax, like `any` or `none`, or names
that impersonate user levels, like `Admin`, `Moderator`, `Anonymous`, etc.
2022-11-06 16:00:07 -06:00

51 lines
2.3 KiB
Ruby
Raw Blame History

# frozen_string_literal: true
# Define a custom validator for user names.
#
# @example
# validates :name, user_name: true
#
# @see https://guides.rubyonrails.org/active_record_validations.html#custom-validators
class UserNameValidator < ActiveModel::EachValidator
ALLOWED_PUNCTUATION = "_.-" # All other punctuation characters are forbidden
RESERVED_NAMES = [
"any", "none", # conflicts with `approver:any` search syntax
"new", "deactivate", "custom_style", # conflicts with user routes (/users/new, /users/deactivate, /users/custom_style)
"mod", "administrator", # mod impersonation
*User::Roles.map(&:to_s) # owner, admin, moderator, anonymous, banned, etc
]
def validate_each(rec, attr, name)
forbidden_characters = name.delete(ALLOWED_PUNCTUATION).chars.grep(/[[:punct:]]/).uniq
if rec.new_record? && User.find_by_name(name).present?
rec.errors.add(attr, "already exists")
elsif name.length <= 1
rec.errors.add(attr, "must be more than 1 character long")
elsif name.length >= 25
rec.errors.add(attr, "must be less than 25 characters long")
elsif name =~ /[[:space:]]/
rec.errors.add(attr, "can't contain whitespace")
elsif name =~ /\A[[:punct:]]/
rec.errors.add(attr, "can't start with '#{name.first}'")
elsif name =~ /[[:punct:]]\z/
rec.errors.add(attr, "can't end with '#{name.last}'")
elsif name =~ /\.(html|json|xml|atom|rss|txt|js|css|csv|png|jpg|jpeg|gif|png|avif|webp|mp4|webm|zip|pdf|exe|sitemap)\z/i
rec.errors.add(attr, "can't end with a file extension")
elsif name =~ /__/
rec.errors.add(attr, "can't contain multiple underscores in a row")
elsif forbidden_characters.present?
rec.errors.add(attr, "can't contain #{forbidden_characters.map { |c| "'#{c}'" }.to_sentence}")
elsif name !~ /\A([a-zA-Z0-9]|\p{Han}|\p{Hangul}|\p{Hiragana}|\p{Katakana}|[#{ALLOWED_PUNCTUATION}])+\z/
rec.errors.add(attr, "must contain only basic letters or numbers")
elsif name =~ /\Auser_\d+\z/i
rec.errors.add(attr, "can't be the same as a deleted user")
elsif name.downcase.in?(RESERVED_NAMES)
rec.errors.add(attr, "is a reserved name and can't be used")
elsif name =~ Regexp.union(Danbooru.config.user_name_blacklist)
rec.errors.add(attr, "is not allowed")
end
end
end
Reference in New Issue View Git Blame Copy Permalink