authorDouwe Maan <douwe@gitlab.com>2015-02-11 16:12:43 +0300
committerDouwe Maan <douwe@gitlab.com>2015-02-12 23:05:27 +0300
commit6685661b549cdece3b93131af168b5174bc0403f (patch)
tree07daec6105e14e906dcdfb7fd1d01a5fb6b13289
parent2dfd21983483bd5fd32b327edb4b02228b377c47 (diff)
Clean username acquired from OAuth/LDAP.
Fixes #1967.
-rw-r--r--CHANGELOG1
-rw-r--r--app/models/user.rb16
-rw-r--r--lib/gitlab/oauth/user.rb10
-rw-r--r--spec/lib/gitlab/oauth/user_spec.rb2
-rw-r--r--spec/models/user_spec.rb10
5 files changed, 33 insertions, 6 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 6a90320b8bc..0b369acf483 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -75,6 +75,7 @@ v 7.8.0 (unreleased)
- Added support for firing system hooks on group create/destroy and adding/removing users to group (Boyan Tabakov)
- Added persistent collapse button for left side nav bar (Jason Blanchard)
- Prevent losing unsaved comments by automatically restoring them when comment page is loaded again.
+ - Clean the username acquired from OAuth/LDAP so it doesn't fail username validation and block signing up.
v 7.7.2
- Update GitLab Shell to version 2.4.2 that fixes a bug when developers can push to protected branch
diff --git a/app/models/user.rb b/app/models/user.rb
index 3a7dfabeafe..d7f688ec138 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -243,6 +243,22 @@ class User < ActiveRecord::Base
def build_user(attrs = {})
User.new(attrs)
end
+
+ def clean_username(username)
+ username.gsub!(/@.*\z/, "")
+ username.gsub!(/\.git\z/, "")
+ username.gsub!(/\A-/, "")
+ username.gsub!(/[^a-zA-Z0-9_\-\.]/, "")
+
+ counter = 0
+ base = username
+ while by_login(username).present?
+ counter += 1
+ username = "#{base}#{counter}"
+ end
+
+ username
+ end
end
#
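Review bot: The cleaning steps in `clean_username` run in an order that lets invalid results through: the leading-dash and `.git` checks run before the character filter, so a value such as `+-john` or `john.git%` (constructed examples) comes out as `-john` or `john.git` once the filter has dropped the other characters. Filtering first and trimming afterwards avoids this, e.g. `username = username.sub(/@.*\z/, "").gsub(/[^a-zA-Z0-9_\-\.]/, "")` followed by `username = username.sub(/\A-+/, "").sub(/\.git\z/, "")`. The result can also be an empty string (a value that is only `@domain`), which would presumably still fail the username validation this change is meant to satisfy, so a fallback base name before the uniqueness loop is worth adding. The enclosing class starts outside the hunk, so the validation rules themselves are not visible here.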
diff --git a/lib/gitlab/oauth/user.rb b/lib/gitlab/oauth/user.rb
index 6861427864e..9f55e8c4950 100644
--- a/lib/gitlab/oauth/user.rb
+++ b/lib/gitlab/oauth/user.rb
@@ -85,11 +85,11 @@ module Gitlab
def user_attributes
{
- name: auth_hash.name,
- username: auth_hash.username,
- email: auth_hash.email,
- password: auth_hash.password,
- password_confirmation: auth_hash.password
+ name: auth_hash.name,
+ username: ::User.clean_username(auth_hash.username),
+ email: auth_hash.email,
+ password: auth_hash.password,
+ password_confirmation: auth_hash.password
}
end
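Review bot: `auth_hash.username` is handed to `::User.clean_username` as-is, and that method calls `gsub!` on its argument, so the string held by the auth hash is modified in place and a provider response without a username (nil) would raise `NoMethodError` during sign-up instead of producing a validation error. Whether `auth_hash.username` can be nil is not visible in this hunk and should be confirmed against the auth hash class. Passing a copy, `username: ::User.clean_username(auth_hash.username.to_s.dup),`, leaves the provider data untouched and makes the nil case explicit. The enclosing class starts outside the hunk.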
diff --git a/spec/lib/gitlab/oauth/user_spec.rb b/spec/lib/gitlab/oauth/user_spec.rb
index 88307515789..2680794a747 100644
--- a/spec/lib/gitlab/oauth/user_spec.rb
+++ b/spec/lib/gitlab/oauth/user_spec.rb
@@ -8,7 +8,7 @@ describe Gitlab::OAuth::User do
let(:auth_hash) { double(uid: uid, provider: provider, info: double(info_hash)) }
let(:info_hash) do
{
- nickname: 'john',
+ nickname: '-john+gitlab-ETC%.git@gmail.com',
name: 'John',
email: 'john@mail.com'
}
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index 629d51b960d..7473054f481 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -301,6 +301,16 @@ describe User do
end
end
+ describe ".clean_username" do
+
+ let!(:user1) { create(:user, username: "johngitlab-etc") }
+ let!(:user2) { create(:user, username: "JohnGitLab-etc1") }
+
+ it "cleans a username and makes sure it's available" do
+ expect(User.clean_username("-john+gitlab-ETC%.git@gmail.com")).to eq("johngitlab-ETC2")
+ end
+ end
+
describe 'all_ssh_keys' do
it { should have_many(:keys).dependent(:destroy) }