FIX: don't allow username to be changed to same as password

We were blocking user registrations with same username and password,
but allowing usernames to be changed to be same as password later.
Also disallow names to be the same as password.
Neil Lalonde
2019-05-13 16:43:19 -04:00
parent 13e54bca3d
commit 6f747c6b71
5 changed files with 71 additions and 8 deletions

@ -15,6 +15,8 @@ class PasswordValidator < ActiveModel::EachValidator
record.errors.add(attribute, :too_short, count: SiteSetting.min_password_length)
elsif record.username.present? && value == record.username
record.errors.add(attribute, :same_as_username)
elsif record.name.present? && value == record.name
record.errors.add(attribute, :same_as_name)
elsif record.email.present? && value == record.email
record.errors.add(attribute, :same_as_email)
elsif record.confirm_password?(value)
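
Review bot: the added `elsif record.name.present? && value == record.name` branch uses an exact, case-sensitive comparison, so a password that differs from the name only in letter case or surrounding whitespace still passes validation. The username and email branches around it behave the same way. Consider comparing normalized values (both sides stripped and downcased), or add a comment stating that only an exact match is meant to be rejected. The new `:same_as_name` error key also needs a matching translation entry, which is not visible in this hunk.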