about summary refs log tree commit diff
diff options
context:
space:
mode:
authorEugen Rochko <eugen@zeonfederated.com>2019-04-06 17:53:17 +0200
committerGitHub <noreply@github.com>2019-04-06 17:53:17 +0200
commit2c63e0292a0a0a530ce814246bb6762983808135 (patch)
tree69814a662f68695490884667ea5bcd51feedc8d8
parent78a8a99b0bcfb02d04ee5a4c48b116f6ed7d96b7 (diff)
Fix admin validation being too strict about usernames (#10449)
* Fix admin validation being too strict about usernames

Fix #10446

* Strip Setting.site_contact_username consistently throughout the codebase
-rw-r--r--app/controllers/home_controller.rb2
-rw-r--r--app/controllers/shares_controller.rb2
-rw-r--r--app/models/concerns/account_finder_concern.rb2
-rw-r--r--app/presenters/instance_presenter.rb2
-rw-r--r--app/validators/existing_username_validator.rb10
5 files changed, 6 insertions, 12 deletions
diff --git a/app/controllers/home_controller.rb b/app/controllers/home_controller.rb
index b5d6460f9..d1bd0601e 100644
--- a/app/controllers/home_controller.rb
+++ b/app/controllers/home_controller.rb
@@ -50,7 +50,7 @@ class HomeController < ApplicationController
       push_subscription: current_account.user.web_push_subscription(current_session),
       current_account: current_account,
       token: current_session.token,
-      admin: Account.find_local(Setting.site_contact_username),
+      admin: Account.find_local(Setting.site_contact_username.strip.gsub(/\A@/, '')),
     }
   end
 
diff --git a/app/controllers/shares_controller.rb b/app/controllers/shares_controller.rb
index 9ef1e0749..af605b98f 100644
--- a/app/controllers/shares_controller.rb
+++ b/app/controllers/shares_controller.rb
@@ -21,7 +21,7 @@ class SharesController < ApplicationController
       push_subscription: current_account.user.web_push_subscription(current_session),
       current_account: current_account,
       token: current_session.token,
-      admin: Account.find_local(Setting.site_contact_username),
+      admin: Account.find_local(Setting.site_contact_username.strip.gsub(/\A@/, '')),
       text: text,
     }
   end
diff --git a/app/models/concerns/account_finder_concern.rb b/app/models/concerns/account_finder_concern.rb
index 7e3bbde09..0ac49cc12 100644
--- a/app/models/concerns/account_finder_concern.rb
+++ b/app/models/concerns/account_finder_concern.rb
@@ -13,7 +13,7 @@ module AccountFinderConcern
     end
 
     def representative
-      find_local(Setting.site_contact_username.gsub(/\A@/, '')) || Account.local.find_by(suspended: false)
+      find_local(Setting.site_contact_username.strip.gsub(/\A@/, '')) || Account.local.find_by(suspended: false)
     end
 
     def find_local(username)
diff --git a/app/presenters/instance_presenter.rb b/app/presenters/instance_presenter.rb
index 74c5ed129..f3a73209a 100644
--- a/app/presenters/instance_presenter.rb
+++ b/app/presenters/instance_presenter.rb
@@ -13,7 +13,7 @@ class InstancePresenter
   )
 
   def contact_account
-    Account.find_local(Setting.site_contact_username.gsub(/\A@/, ''))
+    Account.find_local(Setting.site_contact_username.strip.gsub(/\A@/, ''))
   end
 
   def user_count
diff --git a/app/validators/existing_username_validator.rb b/app/validators/existing_username_validator.rb
index 4388a0c98..b31d09827 100644
--- a/app/validators/existing_username_validator.rb
+++ b/app/validators/existing_username_validator.rb
@@ -5,16 +5,10 @@ class ExistingUsernameValidator < ActiveModel::EachValidator
     return if value.blank?
 
     if options[:multiple]
-      missing_usernames = value.split(',').map { |username| username unless Account.find_local(username) }.compact
+      missing_usernames = value.split(',').map { |username| username.strip.gsub(/\A@/, '') }.map { |username| username unless Account.find_local(username) }.compact
       record.errors.add(attribute, I18n.t('existing_username_validator.not_found_multiple', usernames: missing_usernames.join(', '))) if missing_usernames.any?
     else
-      record.errors.add(attribute, I18n.t('existing_username_validator.not_found')) unless Account.find_local(value)
+      record.errors.add(attribute, I18n.t('existing_username_validator.not_found')) unless Account.find_local(value.strip.gsub(/\A@/, ''))
     end
   end
-
-  private
-
-  def valid_html?(str)
-    Nokogiri::HTML.fragment(str).to_s == str
-  end
 end