Add ability to block words in usernames (#35407)

2025-07-29 12:19:15 +02:00
parent 8cf7a77808
commit 20bbd20ef1
28 changed files with 560 additions and 34 deletions
--- a/config/i18n-tasks.yml
+++ b/config/i18n-tasks.yml
@@ -72,6 +72,8 @@ ignore_unused:
  - 'preferences.other' # some locales are missing other keys, therefore leading i18n-tasks to detect `preferences` as plural and not finding use
  - 'edit_profile.other' # some locales are missing other keys, therefore leading i18n-tasks to detect `preferences` as plural and not finding use
  - 'admin.terms_of_service.generate' # temporarily disabled
+  - 'admin.username_blocks.matches_exactly_html'
+  - 'admin.username_blocks.contains_html'

 ignore_inconsistent_interpolations:
  - '*.one'
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -190,6 +190,7 @@ en:
        create_relay: Create Relay
        create_unavailable_domain: Create Unavailable Domain
        create_user_role: Create Role
+        create_username_block: Create Username Rule
        demote_user: Demote User
        destroy_announcement: Delete Announcement
        destroy_canonical_email_block: Delete Email Block
@@ -203,6 +204,7 @@ en:
        destroy_status: Delete Post
        destroy_unavailable_domain: Delete Unavailable Domain
        destroy_user_role: Destroy Role
+        destroy_username_block: Delete Username Rule
        disable_2fa_user: Disable 2FA
        disable_custom_emoji: Disable Custom Emoji
        disable_relay: Disable Relay
@@ -237,6 +239,7 @@ en:
        update_report: Update Report
        update_status: Update Post
        update_user_role: Update Role
+        update_username_block: Update Username Rule
      actions:
        approve_appeal_html: "%{name} approved moderation decision appeal from %{target}"
        approve_user_html: "%{name} approved sign-up from %{target}"
@@ -255,6 +258,7 @@ en:
        create_relay_html: "%{name} created a relay %{target}"
        create_unavailable_domain_html: "%{name} stopped delivery to domain %{target}"
        create_user_role_html: "%{name} created %{target} role"
+        create_username_block_html: "%{name} added rule for usernames containing %{target}"
        demote_user_html: "%{name} demoted user %{target}"
        destroy_announcement_html: "%{name} deleted announcement %{target}"
        destroy_canonical_email_block_html: "%{name} unblocked email with the hash %{target}"
@@ -268,6 +272,7 @@ en:
        destroy_status_html: "%{name} removed post by %{target}"
        destroy_unavailable_domain_html: "%{name} resumed delivery to domain %{target}"
        destroy_user_role_html: "%{name} deleted %{target} role"
+        destroy_username_block_html: "%{name} removed rule for usernames containing %{target}"
        disable_2fa_user_html: "%{name} disabled two factor requirement for user %{target}"
        disable_custom_emoji_html: "%{name} disabled emoji %{target}"
        disable_relay_html: "%{name} disabled the relay %{target}"
@@ -302,6 +307,7 @@ en:
        update_report_html: "%{name} updated report %{target}"
        update_status_html: "%{name} updated post by %{target}"
        update_user_role_html: "%{name} changed %{target} role"
+        update_username_block_html: "%{name} updated rule for usernames containing %{target}"
      deleted_account: deleted account
      empty: No logs found.
      filter_by_action: Filter by action
@@ -1085,6 +1091,25 @@ en:
          other: Used by %{count} people over the last week
      title: Recommendations & Trends
      trending: Trending
+    username_blocks:
+      add_new: Add new
+      block_registrations: Block registrations
+      comparison:
+        contains: Contains
+        equals: Equals
+      contains_html: Contains %{string}
+      created_msg: Successfully created username rule
+      delete: Delete
+      edit:
+        title: Edit username rule
+      matches_exactly_html: Equals %{string}
+      new:
+        create: Create rule
+        title: Create new username rule
+      no_username_block_selected: No username rules were changed as none were selected
+      not_permitted: Not permitted
+      title: Username rules
+      updated_msg: Successfully updated username rule
    warning_presets:
      add_new: Add new
      delete: Delete
--- a/config/locales/simple_form.en.yml
+++ b/config/locales/simple_form.en.yml
@@ -160,6 +160,10 @@ en:
        name: Public name of the role, if role is set to be displayed as a badge
        permissions_as_keys: Users with this role will have access to...
        position: Higher role decides conflict resolution in certain situations. Certain actions can only be performed on roles with a lower priority
+      username_block:
+        allow_with_approval: Instead of preventing sign-up outright, matching sign-ups will require your approval
+        comparison: Please be mindful of the Scunthorpe Problem when blocking partial matches
+        username: Will be matched regardless of casing and common homoglyphs like "4" for "a" or "3" for "e"
      webhook:
        events: Select events to send
        template: Compose your own JSON payload using variable interpolation. Leave blank for default JSON.
@@ -371,6 +375,10 @@ en:
        name: Name
        permissions_as_keys: Permissions
        position: Priority
+      username_block:
+        allow_with_approval: Allow registrations with approval
+        comparison: Method of comparison
+        username: Word to match
      webhook:
        events: Enabled events
        template: Payload template
--- a/config/navigation.rb
+++ b/config/navigation.rb
@@ -59,6 +59,7 @@ SimpleNavigation::Configuration.run do |navigation|
        current_user.can?(:manage_federation)
      }
      s.item :email_domain_blocks, safe_join([material_symbol('mail'), t('admin.email_domain_blocks.title')]), admin_email_domain_blocks_path, highlights_on: %r{/admin/email_domain_blocks}, if: -> { current_user.can?(:manage_blocks) }
+      s.item :username_blocks, safe_join([material_symbol('supervised_user_circle_off'), t('admin.username_blocks.title')]), admin_username_blocks_path, highlights_on: %r{/admin/username_blocks}, if: -> { current_user.can?(:manage_blocks) }
      s.item :ip_blocks, safe_join([material_symbol('hide_source'), t('admin.ip_blocks.title')]), admin_ip_blocks_path, highlights_on: %r{/admin/ip_blocks}, if: -> { current_user.can?(:manage_blocks) }
      s.item :action_logs, safe_join([material_symbol('list'), t('admin.action_logs.title')]), admin_action_logs_path, if: -> { current_user.can?(:view_audit_log) }
    end
--- a/config/routes/admin.rb
+++ b/config/routes/admin.rb
@@ -230,4 +230,10 @@ namespace :admin do
  end

  resources :software_updates, only: [:index]
+
+  resources :username_blocks, except: [:show, :destroy] do
+    collection do
+      post :batch
+    end
+  end
 end
--- a/config/settings.yml
+++ b/config/settings.yml
@@ -20,28 +20,6 @@ defaults: &defaults
  trends: true
  trends_as_landing_page: true
  trendable_by_default: false
-  reserved_usernames:
-    - abuse
-    - account
-    - accounts
-    - admin
-    - administration
-    - administrator
-    - admins
-    - help
-    - helpdesk
-    - instance
-    - mod
-    - moderator
-    - moderators
-    - mods
-    - owner
-    - root
-    - security
-    - server
-    - staff
-    - support
-    - webmaster
  disallowed_hashtags: # space separated string or list of hashtags without the hash
  bootstrap_timeline_accounts: ''
  activity_api_enabled: true