FIX: Add server side uniqueness validations for Group#name and User#username.

https://meta.discourse.org/t/groups-can-be-given-same-name-as-existing-username/74010
2025-05-31 16:57:16 +08:00 · 2018-04-02 18:17:06 +08:00
parent d2a8f40fb0
commit 221503cd10
4 changed files with 88 additions and 8 deletions
--- a/spec/models/group_spec.rb
+++ b/spec/models/group_spec.rb
@ -5,6 +5,32 @@ describe Group do
  let(:user) { Fabricate(:user) }
  let(:group) { Fabricate(:group) }

+  context 'validations' do
+    describe '#username' do
+      context 'when a user with a similar name exists' do
+        it 'should not be valid' do
+          new_group = Fabricate.build(:group, name: admin.username.upcase)
+
+          expect(new_group).to_not be_valid
+
+          expect(new_group.errors.full_messages.first)
+            .to include(I18n.t("activerecord.errors.messages.taken"))
+        end
+      end
+
+      context 'when a group with a similar name exists' do
+        it 'should not be valid' do
+          new_group = Fabricate.build(:group, name: group.name.upcase)
+
+          expect(new_group).to_not be_valid
+
+          expect(new_group.errors.full_messages.first)
+            .to include(I18n.t("activerecord.errors.messages.taken"))
+        end
+      end
+    end
+  end
+
  describe "#posts_for" do
    it "returns the post in the group" do
      p = Fabricate(:post)
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@ -5,10 +5,36 @@ describe User do
  let(:user) { Fabricate(:user) }

  context 'validations' do
-    it { is_expected.to validate_presence_of :username }
-    it { is_expected.to validate_presence_of :primary_email }
+    describe '#username' do
+      it { is_expected.to validate_presence_of :username }
+
+      describe 'when username already exists' do
+        it 'should not be valid' do
+          new_user = Fabricate.build(:user, username: user.username.upcase)
+
+          expect(new_user).to_not be_valid
+
+          expect(new_user.errors.full_messages.first)
+            .to include(I18n.t(:'user.username.unique'))
+        end
+      end
+
+      describe 'when group with a same name already exists' do
+        it 'should not be valid' do
+          group = Fabricate(:group)
+          new_user = Fabricate.build(:user, username: group.name.upcase)
+
+          expect(new_user).to_not be_valid
+
+          expect(new_user.errors.full_messages.first)
+            .to include(I18n.t(:'user.username.unique'))
+        end
+      end
+    end

    describe 'emails' do
+      it { is_expected.to validate_presence_of :primary_email }
+
      let(:user) { Fabricate.build(:user) }

      describe 'when record has a valid email' do