From 90a0327fd2d3a62358965f2ea969739213f7a9f8 Mon Sep 17 00:00:00 2001 From: Guo Xiang Tan Date: Wed, 31 Aug 2016 21:49:45 +0800 Subject: [PATCH] FIX: Check against reserved usernames should be case insensitive. --- app/models/user.rb | 4 +++- spec/models/user_spec.rb | 8 ++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/app/models/user.rb b/app/models/user.rb index ee5f4e3fa..a70b21973 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -147,7 +147,9 @@ class User < ActiveRecord::Base def self.username_available?(username) lower = username.downcase - User.where(username_lower: lower).blank? && !SiteSetting.reserved_usernames.split("|").include?(username) + + User.where(username_lower: lower).blank? && + !SiteSetting.reserved_usernames.split("|").any? { |reserved| reserved.casecmp(username) == 0 } end def self.plugin_staff_user_custom_fields diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb index 833fdffc5..419f77113 100644 --- a/spec/models/user_spec.rb +++ b/spec/models/user_spec.rb @@ -433,6 +433,14 @@ describe User do it 'returns false when a username is taken' do expect(User.username_available?(Fabricate(:user).username)).to eq(false) end + + it 'returns false when a username is reserved' do + SiteSetting.reserved_usernames = 'test|donkey' + + expect(User.username_available?('donkey')).to eq(false) + expect(User.username_available?('DonKey')).to eq(false) + expect(User.username_available?('test')).to eq(false) + end end describe 'email_validator' do