gnh1201/mastodon
1
0
Fork 0
mirror of https://github.com/mastodon/mastodon.git synced 2025-10-07 09:32:44 +00:00
Code Issues Actions 18 Packages Projects Releases Wiki Activity

Fix tootctl admin create not bypassing reserved username checks

Browse Source
This commit is contained in:
Claire 2025-08-14 13:44:50 +02:00
parent 5478ef9b32
commit d56e545c5a
3 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/models/account.rb
View File

@ -116,7 +116,7 @@ class Account < ApplicationRecord
# Local user validations # Local user validations
validates :username, format: { with: /\A[a-z0-9_]+\z/i }, length: { maximum: USERNAME_LENGTH_LIMIT }, if: -> { local? && will_save_change_to_username? && !actor_type_application? } validates :username, format: { with: /\A[a-z0-9_]+\z/i }, length: { maximum: USERNAME_LENGTH_LIMIT }, if: -> { local? && will_save_change_to_username? && !actor_type_application? }
validates_with UnreservedUsernameValidator, if: -> { local? && will_save_change_to_username? && !actor_type_application? } validates_with UnreservedUsernameValidator, if: -> { local? && will_save_change_to_username? && !actor_type_application? && !user&.bypass_registration_checks }
validates :display_name, length: { maximum: DISPLAY_NAME_LENGTH_LIMIT }, if: -> { local? && will_save_change_to_display_name? } validates :display_name, length: { maximum: DISPLAY_NAME_LENGTH_LIMIT }, if: -> { local? && will_save_change_to_display_name? }
validates :note, note_length: { maximum: NOTE_LENGTH_LIMIT }, if: -> { local? && will_save_change_to_note? } validates :note, note_length: { maximum: NOTE_LENGTH_LIMIT }, if: -> { local? && will_save_change_to_note? }
validates :fields, length: { maximum: DEFAULT_FIELDS_SIZE }, if: -> { local? && will_save_change_to_fields? } validates :fields, length: { maximum: DEFAULT_FIELDS_SIZE }, if: -> { local? && will_save_change_to_fields? }

2
app/models/user.rb
View File

@ -105,7 +105,7 @@ class User < ApplicationRecord
validates :agreement, acceptance: { allow_nil: false, accept: [true, 'true', '1'] }, on: :create validates :agreement, acceptance: { allow_nil: false, accept: [true, 'true', '1'] }, on: :create
# Honeypot/anti-spam fields # Honeypot/anti-spam fields
attr_accessor :registration_form_time, :website, :confirm_password attr_accessor :registration_form_time, :website, :confirm_password, :bypass_registration_checks
validates_with RegistrationFormTimeValidator, on: :create validates_with RegistrationFormTimeValidator, on: :create
validates :website, absence: true, on: :create validates :website, absence: true, on: :create

11
spec/lib/mastodon/cli/accounts_spec.rb
View File

@ -32,6 +32,7 @@ RSpec.describe Mastodon::CLI::Accounts do
describe '#create' do describe '#create' do
let(:action) { :create } let(:action) { :create }
let(:username) { 'tootctl_username' }
shared_examples 'a new user with given email address and username' do shared_examples 'a new user with given email address and username' do
it 'creates user and accounts from options and displays success message' do it 'creates user and accounts from options and displays success message' do
@ -48,18 +49,24 @@ RSpec.describe Mastodon::CLI::Accounts do
end end
def account_from_options def account_from_options
Account.find_local('tootctl_username') Account.find_local(username)
end end
end end
context 'when required USERNAME and --email are provided' do context 'when required USERNAME and --email are provided' do
let(:arguments) { ['tootctl_username'] } let(:arguments) { [username] }
context 'with USERNAME and --email only' do context 'with USERNAME and --email only' do
let(:options) { { email: 'tootctl@example.com' } } let(:options) { { email: 'tootctl@example.com' } }
it_behaves_like 'a new user with given email address and username' it_behaves_like 'a new user with given email address and username'
context 'with a reserved username' do
let(:username) { 'security' }
it_behaves_like 'a new user with given email address and username'
end
context 'with invalid --email value' do context 'with invalid --email value' do
let(:options) { { email: 'invalid' } } let(:options) { { email: 'invalid' } }