From 0c12471feb29f9af77bdf6c5c46d6a24b5cb8718 Mon Sep 17 00:00:00 2001
From: Paul Spieker <p.spieker@duenos.de>
Date: Fri, 30 Sep 2011 14:17:04 +0200
Subject: [PATCH] add username blacklist

---
 app/models/user.rb       | 1 +
 config/environment.rb    | 4 ++++
 spec/models/user_spec.rb | 7 +++++++
 3 files changed, 12 insertions(+)

diff --git a/app/models/user.rb b/app/models/user.rb
index 7882ebbb6c..b52487face 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -22,6 +22,7 @@ class User < ActiveRecord::Base
   validates :username, :presence => true, :uniqueness => true
   validates_format_of :username, :with => /\A[A-Za-z0-9_]+\z/
   validates_length_of :username, :maximum => 32
+  validates_exclusion_of :username, :in => USERNAME_BLACKLIST
   validates_inclusion_of :language, :in => AVAILABLE_LANGUAGE_CODES
   validates_format_of :unconfirmed_email, :with  => Devise.email_regexp, :allow_blank => true
 
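Review bot: The added `validates_exclusion_of :username, :in => USERNAME_BLACKLIST` compares exact strings, while the format validation two lines above accepts `A-Za-z`. `Admin` or `ROOT` would therefore pass unless the username is lowercased before validation somewhere outside this hunk. If no such normalization exists, run the check against the lowercased value, for example a custom `validate` method that adds an error on `:username` when `USERNAME_BLACKLIST.include?(username.to_s.downcase)`. The class body starts and ends outside the hunk, so an existing `before_validation` callback that already downcases cannot be ruled out from here.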
diff --git a/config/environment.rb b/config/environment.rb
index ba4d85c182..fdefe893be 100644
--- a/config/environment.rb
+++ b/config/environment.rb
@@ -27,6 +27,10 @@ else
   RTL_LANGUAGES = []
 end
 
+# Blacklist of usernames
+USERNAME_BLACKLIST = ['admin', 'administrator', 'hostmaster', 'info', 'postmaster', 'root', 'ssladmin', 
+  'ssladministrator', 'sslwebmaster', 'sysadmin', 'webmaster', 'support', 'contact']
+
 # Initialize the rails application
 Diaspora::Application.initialize!
 
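Review bot: `USERNAME_BLACKLIST` is a plain mutable Array, so any code that appends to or deletes from it at runtime silently changes which usernames the model rejects; end the literal with `.freeze`. The comment `# Blacklist of usernames` only restates the constant's name. If the intent is to reserve names that read as administrative or role accounts, say so, e.g. `# Reserved usernames: names that could be mistaken for an administrative or role account on this pod. Entries are lowercase.` That tells a maintainer what belongs in the list and in what form.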
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index 977df19d6d..2138a7e73e 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -151,6 +151,13 @@ describe User do
         alice.username =  "hexagooooooooooooooooooooooooooon"
         alice.should_not be_valid
       end
+      
+      it "cannot be one of the blacklist names" do
+        ['hostmaster', 'postmaster', 'root', 'webmaster'].each do |username|
+          alice.username =  username
+          alice.should_not be_valid
+        end
+      end
     end
 
     describe "of email" do
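Review bot: `alice.should_not be_valid` in the added example passes on any validation failure, so it does not show that the username rule is what rejected the record. Follow it with a field-level assertion such as `alice.errors[:username].should_not be_empty`. The loop also covers only four lowercase names out of the list. Iterating `USERNAME_BLACKLIST` itself and adding one mixed-case value such as `'Root'` would pin the behaviour for every entry and for case variants.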
-- 
GitLab