From a03d29da1dbbef3c202899cef3cd89b453a8b76f Mon Sep 17 00:00:00 2001
From: Douwe Maan <douwe@selenight.nl>
Date: Wed, 31 Jan 2018 11:39:03 -0600
Subject: Validate User username only on Namespace, and bubble up appropriately

---
 lib/constraints/user_url_constrainer.rb |  2 +-
 lib/gitlab/o_auth/user.rb               |  2 +-
 lib/gitlab/path_regex.rb                | 12 ------------
 3 files changed, 2 insertions(+), 14 deletions(-)

(limited to 'lib')

diff --git a/lib/constraints/user_url_constrainer.rb b/lib/constraints/user_url_constrainer.rb
index b7633aa7cbb..3b3ed1c6ddb 100644
--- a/lib/constraints/user_url_constrainer.rb
+++ b/lib/constraints/user_url_constrainer.rb
@@ -2,7 +2,7 @@ class UserUrlConstrainer
   def matches?(request)
     full_path = request.params[:username]
 
-    return false unless UserPathValidator.valid_path?(full_path)
+    return false unless NamespacePathValidator.valid_path?(full_path)
 
     User.find_by_full_path(full_path, follow_redirects: request.get?).present?
   end
diff --git a/lib/gitlab/o_auth/user.rb b/lib/gitlab/o_auth/user.rb
index e40a001d20c..a3e1c66c19f 100644
--- a/lib/gitlab/o_auth/user.rb
+++ b/lib/gitlab/o_auth/user.rb
@@ -178,7 +178,7 @@ module Gitlab
         valid_username = ::Namespace.clean_path(username)
 
         uniquify = Uniquify.new
-        valid_username = uniquify.string(valid_username) { |s| !UserPathValidator.valid_path?(s) }
+        valid_username = uniquify.string(valid_username) { |s| !NamespacePathValidator.valid_path?(s) }
 
         name = auth_hash.name
         name = valid_username if name.strip.empty?
diff --git a/lib/gitlab/path_regex.rb b/lib/gitlab/path_regex.rb
index 7e5dfd33502..ef3f786686a 100644
--- a/lib/gitlab/path_regex.rb
+++ b/lib/gitlab/path_regex.rb
@@ -171,26 +171,14 @@ module Gitlab
       @project_git_route_regex ||= /#{project_route_regex}\.git/.freeze
     end
 
-    def root_namespace_path_regex
-      @root_namespace_path_regex ||= %r{\A#{root_namespace_route_regex}/\z}
-    end
-
     def full_namespace_path_regex
       @full_namespace_path_regex ||= %r{\A#{full_namespace_route_regex}/\z}
     end
 
-    def project_path_regex
-      @project_path_regex ||= %r{\A#{project_route_regex}/\z}
-    end
-
     def full_project_path_regex
       @full_project_path_regex ||= %r{\A#{full_namespace_route_regex}/#{project_route_regex}/\z}
     end
 
-    def full_namespace_format_regex
-      @namespace_format_regex ||= /A#{FULL_NAMESPACE_FORMAT_REGEX}\z/.freeze
-    end
-
     def namespace_format_regex
       @namespace_format_regex ||= /\A#{NAMESPACE_FORMAT_REGEX}\z/.freeze
     end
-- 
cgit v1.2.3