From b0ce1ce49dd48a47439a3127bbf12b44d7c30cf1 Mon Sep 17 00:00:00 2001
From: Claire <claire.github-309c@sitedethib.com>
Date: Thu, 14 Aug 2025 15:35:19 +0200
Subject: [PATCH] Fix `tootctl admin create` not bypassing reserved username
 checks (#35779)

---
 app/models/account.rb                  |  2 +-
 spec/lib/mastodon/cli/accounts_spec.rb | 11 +++++++++--
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/app/models/account.rb b/app/models/account.rb
index c23549c22d9..5fa1f0cebf6 100644
--- a/app/models/account.rb
+++ b/app/models/account.rb
@@ -116,7 +116,7 @@ class Account < ApplicationRecord
 
   # Local user validations
   validates :username, format: { with: /\A[a-z0-9_]+\z/i }, length: { maximum: USERNAME_LENGTH_LIMIT }, if: -> { local? && will_save_change_to_username? && !actor_type_application? }
-  validates_with UnreservedUsernameValidator, if: -> { local? && will_save_change_to_username? && !actor_type_application? }
+  validates_with UnreservedUsernameValidator, if: -> { local? && will_save_change_to_username? && !actor_type_application? && !user&.bypass_registration_checks }
   validates :display_name, length: { maximum: DISPLAY_NAME_LENGTH_LIMIT }, if: -> { local? && will_save_change_to_display_name? }
   validates :note, note_length: { maximum: NOTE_LENGTH_LIMIT }, if: -> { local? && will_save_change_to_note? }
   validates :fields, length: { maximum: DEFAULT_FIELDS_SIZE }, if: -> { local? && will_save_change_to_fields? }
diff --git a/spec/lib/mastodon/cli/accounts_spec.rb b/spec/lib/mastodon/cli/accounts_spec.rb
index e60f5a0cf71..111703a18bb 100644
--- a/spec/lib/mastodon/cli/accounts_spec.rb
+++ b/spec/lib/mastodon/cli/accounts_spec.rb
@@ -32,6 +32,7 @@ RSpec.describe Mastodon::CLI::Accounts do
 
   describe '#create' do
     let(:action) { :create }
+    let(:username) { 'tootctl_username' }
 
     shared_examples 'a new user with given email address and username' do
       it 'creates user and accounts from options and displays success message' do
@@ -48,18 +49,24 @@ RSpec.describe Mastodon::CLI::Accounts do
       end
 
       def account_from_options
-        Account.find_local('tootctl_username')
+        Account.find_local(username)
       end
     end
 
     context 'when required USERNAME and --email are provided' do
-      let(:arguments) { ['tootctl_username'] }
+      let(:arguments) { [username] }
 
       context 'with USERNAME and --email only' do
         let(:options) { { email: 'tootctl@example.com' } }
 
         it_behaves_like 'a new user with given email address and username'
 
+        context 'with a reserved username' do
+          let(:username) { 'security' }
+
+          it_behaves_like 'a new user with given email address and username'
+        end
+
         context 'with invalid --email value' do
           let(:options) { { email: 'invalid' } }