Merge branch 'fix/case-sensitivity-restricted-nicknames-blacklisted-domains' into 'develop'

Make checking blacklisted domains and restricted nicknames case-insensitive Closes #2894 and #2888 See merge request pleroma/pleroma!3687
2022-07-11 04:04:36 +00:00 · 2022-07-11 04:04:36 +00:00 · 311fda32f3
parent 420da14b61 8bb2e52d2e
commit 311fda32f3
2 changed files with 56 additions and 12 deletions
--- a/lib/pleroma/user.ex
+++ b/lib/pleroma/user.ex
@ -706,7 +706,7 @@ def register_changeset_ldap(struct, params = %{password: password})
    ])
    |> validate_required([:name, :nickname])
    |> unique_constraint(:nickname)
-    |> validate_exclusion(:nickname, Config.get([User, :restricted_nicknames]))
+    |> validate_not_restricted_nickname(:nickname)
    |> validate_format(:nickname, local_nickname_regex())
    |> put_ap_id()
    |> unique_constraint(:ap_id)
@ -754,17 +754,9 @@ def register_changeset(struct, params \\ %{}, opts \\ []) do
    |> validate_confirmation(:password)
    |> unique_constraint(:email)
    |> validate_format(:email, @email_regex)
-    |> validate_change(:email, fn :email, email ->
-      valid? =
-        Config.get([User, :email_blacklist])
-        |> Enum.all?(fn blacklisted_domain ->
-          !String.ends_with?(email, ["@" <> blacklisted_domain, "." <> blacklisted_domain])
-        end)
-
-      if valid?, do: [], else: [email: "Invalid email"]
-    end)
+    |> validate_email_not_in_blacklisted_domain(:email)
    |> unique_constraint(:nickname)
-    |> validate_exclusion(:nickname, Config.get([User, :restricted_nicknames]))
+    |> validate_not_restricted_nickname(:nickname)
    |> validate_format(:nickname, local_nickname_regex())
    |> validate_length(:bio, max: bio_limit)
    |> validate_length(:name, min: 1, max: name_limit)
@ -778,6 +770,35 @@ def register_changeset(struct, params \\ %{}, opts \\ []) do
    |> put_following_and_follower_and_featured_address()
  end

+  def validate_not_restricted_nickname(changeset, field) do
+    validate_change(changeset, field, fn _, value ->
+      valid? =
+        Config.get([User, :restricted_nicknames])
+        |> Enum.all?(fn restricted_nickname ->
+          String.downcase(value) != String.downcase(restricted_nickname)
+        end)
+
+      if valid?, do: [], else: [nickname: "Invalid nickname"]
+    end)
+  end
+
+  def validate_email_not_in_blacklisted_domain(changeset, field) do
+    validate_change(changeset, field, fn _, value ->
+      valid? =
+        Config.get([User, :email_blacklist])
+        |> Enum.all?(fn blacklisted_domain ->
+          blacklisted_domain_downcase = String.downcase(blacklisted_domain)
+
+          !String.ends_with?(String.downcase(value), [
+            "@" <> blacklisted_domain_downcase,
+            "." <> blacklisted_domain_downcase
+          ])
+        end)
+
+      if valid?, do: [], else: [email: "Invalid email"]
+    end)
+  end
+
  def maybe_validate_required_email(changeset, true), do: changeset

  def maybe_validate_required_email(changeset, _) do
--- a/test/pleroma/user_test.exs
+++ b/test/pleroma/user_test.exs
@ -618,9 +618,10 @@ test "it requires an name, nickname and password, bio and email are optional whe
    end

    test "it restricts certain nicknames" do
+      clear_config([User, :restricted_nicknames], ["about"])
      [restricted_name | _] = Pleroma.Config.get([User, :restricted_nicknames])

-      assert is_bitstring(restricted_name)
+      assert is_binary(restricted_name)

      params =
        @full_user_data
@ -631,6 +632,23 @@ test "it restricts certain nicknames" do
      refute changeset.valid?
    end

+    test "it is case-insensitive when restricting nicknames" do
+      clear_config([User, :restricted_nicknames], ["about"])
+      [restricted_name | _] = Pleroma.Config.get([User, :restricted_nicknames])
+
+      assert is_binary(restricted_name)
+
+      restricted_upcase_name = String.upcase(restricted_name)
+
+      params =
+        @full_user_data
+        |> Map.put(:nickname, restricted_upcase_name)
+
+      changeset = User.register_changeset(%User{}, params)
+
+      refute changeset.valid?
+    end
+
    test "it blocks blacklisted email domains" do
      clear_config([User, :email_blacklist], ["trolling.world"])

@ -639,6 +657,11 @@ test "it blocks blacklisted email domains" do
      changeset = User.register_changeset(%User{}, params)
      refute changeset.valid?

+      # Block with case-insensitive match
+      params = Map.put(@full_user_data, :email, "troll@TrOlLing.wOrld")
+      changeset = User.register_changeset(%User{}, params)
+      refute changeset.valid?
+
      # Block with subdomain match
      params = Map.put(@full_user_data, :email, "troll@gnomes.trolling.world")
      changeset = User.register_changeset(%User{}, params)