Do not create a user with the same username than another actor name

2018-06-21 11:54:22 +02:00 · 2018-06-21 11:54:22 +02:00 · 2ef6a0635c
parent 6387f320bf
commit 2ef6a0635c
2 changed files with 33 additions and 0 deletions
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@ -21,6 +21,7 @@ import { CONFIG, CONSTRAINTS_FIELDS } from '../../initializers'
 import { Redis } from '../../lib/redis'
 import { UserModel } from '../../models/account/user'
 import { areValidationErrors } from './utils'
+import { ActorModel } from '../../models/activitypub/actor'

 const usersAddValidator = [
  body('username').custom(isUserUsernameValid).withMessage('Should have a valid username (lowercase alphanumeric characters)'),
@ -271,6 +272,14 @@ async function checkUserNameOrEmailDoesNotAlreadyExist (username: string, email:
    return false
  }

+  const actor = await ActorModel.loadLocalByName(username)
+  if (actor) {
+    res.status(409)
+       .send({ error: 'Another actor (account/channel) with this name already exists.' })
+       .end()
+    return false
+  }
+
  return true
 }

--- a/server/tests/api/check-params/users.ts
+++ b/server/tests/api/check-params/users.ts
@ -179,6 +179,18 @@ describe('Test users API validators', function () {
      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
    })

+    it('Should fail with a "peertube" username', async function () {
+      const fields = immutableAssign(baseCorrectParams, { username: 'peertube' })
+
+      await makePostBodyRequest({
+        url: server.url,
+        path,
+        token: server.accessToken,
+        fields,
+        statusCodeExpected: 409
+      })
+    })
+
    it('Should succeed with the correct params', async function () {
      await makePostBodyRequest({
        url: server.url,
@ -493,6 +505,18 @@ describe('Test users API validators', function () {
      })
    })

+    it('Should fail with a "peertube" username', async function () {
+      const fields = immutableAssign(baseCorrectParams, { username: 'peertube' })
+
+      await makePostBodyRequest({
+        url: server.url,
+        path: registrationPath,
+        token: server.accessToken,
+        fields,
+        statusCodeExpected: 409
+      })
+    })
+
    it('Should fail if we register a user with the same email', async function () {
      const fields = immutableAssign(baseCorrectParams, { email: 'admin1@example.com' })