Add ability to block words in usernames (#35407)

2025-07-29 12:19:15 +02:00
parent 8cf7a77808
commit 20bbd20ef1
28 changed files with 560 additions and 34 deletions
--- a/spec/fabricators/username_block_fabricator.rb
+++ b/spec/fabricators/username_block_fabricator.rb
@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+Fabricator(:username_block) do
+  username { sequence(:email) { |i| "#{i}#{Faker::Internet.username}" } }
+  exact false
+  allow_with_approval false
+end
--- a/spec/models/username_block_spec.rb
+++ b/spec/models/username_block_spec.rb
@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe UsernameBlock do
+  describe '.matches?' do
+    context 'when there is an exact block' do
+      before do
+        Fabricate(:username_block, username: 'carriage', exact: true)
+      end
+
+      it 'returns true on exact match' do
+        expect(described_class.matches?('carriage')).to be true
+      end
+
+      it 'returns true on case insensitive match' do
+        expect(described_class.matches?('CaRRiagE')).to be true
+      end
+
+      it 'returns true on homoglyph match' do
+        expect(described_class.matches?('c4rr14g3')).to be true
+      end
+
+      it 'returns false on partial match' do
+        expect(described_class.matches?('foo_carriage')).to be false
+      end
+
+      it 'returns false on no match' do
+        expect(described_class.matches?('foo')).to be false
+      end
+    end
+
+    context 'when there is a partial block' do
+      before do
+        Fabricate(:username_block, username: 'carriage', exact: false)
+      end
+
+      it 'returns true on exact match' do
+        expect(described_class.matches?('carriage')).to be true
+      end
+
+      it 'returns true on case insensitive match' do
+        expect(described_class.matches?('CaRRiagE')).to be true
+      end
+
+      it 'returns true on homoglyph match' do
+        expect(described_class.matches?('c4rr14g3')).to be true
+      end
+
+      it 'returns true on suffix match' do
+        expect(described_class.matches?('foo_carriage')).to be true
+      end
+
+      it 'returns true on prefix match' do
+        expect(described_class.matches?('carriage_foo')).to be true
+      end
+
+      it 'returns false on no match' do
+        expect(described_class.matches?('foo')).to be false
+      end
+    end
+  end
+end
--- a/spec/requests/admin/username_blocks_spec.rb
+++ b/spec/requests/admin/username_blocks_spec.rb
@@ -0,0 +1,97 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'Admin Username Blocks' do
+  describe 'GET /admin/username_blocks' do
+    before { sign_in Fabricate(:admin_user) }
+
+    it 'returns http success' do
+      get admin_username_blocks_path
+
+      expect(response)
+        .to have_http_status(200)
+    end
+  end
+
+  describe 'POST /admin/username_blocks' do
+    before { sign_in Fabricate(:admin_user) }
+
+    it 'gracefully handles invalid nested params' do
+      post admin_username_blocks_path(username_block: 'invalid')
+
+      expect(response)
+        .to have_http_status(400)
+    end
+
+    it 'creates a username block' do
+      post admin_username_blocks_path(username_block: { username: 'banana', comparison: 'contains', allow_with_approval: '0' })
+
+      expect(response)
+        .to redirect_to(admin_username_blocks_path)
+      expect(UsernameBlock.find_by(username: 'banana'))
+        .to_not be_nil
+    end
+  end
+
+  describe 'POST /admin/username_blocks/batch' do
+    before { sign_in Fabricate(:admin_user) }
+
+    let(:username_blocks) { Fabricate.times(2, :username_block) }
+
+    it 'gracefully handles invalid nested params' do
+      post batch_admin_username_blocks_path(form_username_block_batch: 'invalid')
+
+      expect(response)
+        .to redirect_to(admin_username_blocks_path)
+    end
+
+    it 'deletes selected username blocks' do
+      post batch_admin_username_blocks_path(form_username_block_batch: { username_block_ids: username_blocks.map(&:id) }, delete: '1')
+
+      expect(response)
+        .to redirect_to(admin_username_blocks_path)
+      expect(UsernameBlock.where(id: username_blocks.map(&:id)))
+        .to be_empty
+    end
+  end
+
+  describe 'GET /admin/username_blocks/new' do
+    before { sign_in Fabricate(:admin_user) }
+
+    it 'returns http success' do
+      get new_admin_username_block_path
+
+      expect(response)
+        .to have_http_status(200)
+    end
+  end
+
+  describe 'GET /admin/username_blocks/:id/edit' do
+    before { sign_in Fabricate(:admin_user) }
+
+    let(:username_block) { Fabricate(:username_block) }
+
+    it 'returns http success' do
+      get edit_admin_username_block_path(username_block)
+
+      expect(response)
+        .to have_http_status(200)
+    end
+  end
+
+  describe 'PUT /admin/username_blocks/:id' do
+    before { sign_in Fabricate(:admin_user) }
+
+    let(:username_block) { Fabricate(:username_block, username: 'banana') }
+
+    it 'updates username block' do
+      put admin_username_block_path(username_block, username_block: { username: 'bebebe' })
+
+      expect(response)
+        .to redirect_to(admin_username_blocks_path)
+      expect(username_block.reload.username)
+        .to eq 'bebebe'
+    end
+  end
+end
--- a/spec/validators/unreserved_username_validator_spec.rb
+++ b/spec/validators/unreserved_username_validator_spec.rb
@@ -10,8 +10,13 @@ RSpec.describe UnreservedUsernameValidator do
      attr_accessor :username

      validates_with UnreservedUsernameValidator
+
+      def self.name
+        'Foo'
+      end
    end
  end
+
  let(:record) { record_class.new }

  describe '#validate' do
@@ -114,7 +119,7 @@ RSpec.describe UnreservedUsernameValidator do
        end

        def stub_reserved_usernames(value)
-          allow(Setting).to receive(:[]).with('reserved_usernames').and_return(value)
+          value&.each { |str| Fabricate(:username_block, username: str, exact: true) }
        end
      end
    end