From 2ef6a0635cb6be32ef6028fb76d1c8ba4a6f7109 Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Thu, 21 Jun 2018 11:54:22 +0200 Subject: [PATCH] Do not create a user with the same username than another actor name --- server/middlewares/validators/users.ts | 9 +++++++++ server/tests/api/check-params/users.ts | 24 ++++++++++++++++++++++++ 2 files changed, 33 insertions(+) diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts index 4ad0e33da..8fbab4dd0 100644 --- a/server/middlewares/validators/users.ts +++ b/server/middlewares/validators/users.ts @@ -21,6 +21,7 @@ import { CONFIG, CONSTRAINTS_FIELDS } from '../../initializers' import { Redis } from '../../lib/redis' import { UserModel } from '../../models/account/user' import { areValidationErrors } from './utils' +import { ActorModel } from '../../models/activitypub/actor' const usersAddValidator = [ body('username').custom(isUserUsernameValid).withMessage('Should have a valid username (lowercase alphanumeric characters)'), @@ -271,6 +272,14 @@ async function checkUserNameOrEmailDoesNotAlreadyExist (username: string, email: return false } + const actor = await ActorModel.loadLocalByName(username) + if (actor) { + res.status(409) + .send({ error: 'Another actor (account/channel) with this name already exists.' }) + .end() + return false + } + return true } diff --git a/server/tests/api/check-params/users.ts b/server/tests/api/check-params/users.ts index dba57778d..f36146c53 100644 --- a/server/tests/api/check-params/users.ts +++ b/server/tests/api/check-params/users.ts @@ -179,6 +179,18 @@ describe('Test users API validators', function () { await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) }) + it('Should fail with a "peertube" username', async function () { + const fields = immutableAssign(baseCorrectParams, { username: 'peertube' }) + + await makePostBodyRequest({ + url: server.url, + path, + token: server.accessToken, + fields, + statusCodeExpected: 409 + }) + }) + it('Should succeed with the correct params', async function () { await makePostBodyRequest({ url: server.url, @@ -493,6 +505,18 @@ describe('Test users API validators', function () { }) }) + it('Should fail with a "peertube" username', async function () { + const fields = immutableAssign(baseCorrectParams, { username: 'peertube' }) + + await makePostBodyRequest({ + url: server.url, + path: registrationPath, + token: server.accessToken, + fields, + statusCodeExpected: 409 + }) + }) + it('Should fail if we register a user with the same email', async function () { const fields = immutableAssign(baseCorrectParams, { email: 'admin1@example.com' })