From 47234ab3672697f85f8e9f452aea4453e1b9aadc Mon Sep 17 00:00:00 2001
From: Dmitriy Zaporozhets
Date: Wed, 28 Nov 2012 06:14:05 +0300
Subject: [PATCH] Validate username. Gitlab::Regex added
---
 app/models/namespace.rb | 2 +-
 app/models/project.rb | 2 +-
 app/models/user.rb | 11 +++++++----
 app/views/admin/users/index.html.haml | 9 +++++----
 app/views/admin/users/show.html.haml | 6 ++++++
 app/views/profile/account.html.haml | 6 +++---
 lib/gitlab/regex.rb | 19 +++++++++++++++++++
 spec/models/user_spec.rb | 1 +
 8 files changed, 43 insertions(+), 13 deletions(-)
 create mode 100644 lib/gitlab/regex.rb
diff --git a/app/models/namespace.rb b/app/models/namespace.rb
index 4e6125e35..5762bfc57 100644
--- a/app/models/namespace.rb
+++ b/app/models/namespace.rb
@@ -19,7 +19,7 @@ class Namespace < ActiveRecord::Base
 validates :name, presence: true, uniqueness: true
 validates :path, uniqueness: true, presence: true, length: { within: 1..255 },
- format: { with: /\A[a-zA-Z][a-zA-Z0-9_\-\.]*\z/,
+ format: { with: Gitlab::Regex.path_regex,
 message: "only letters, digits & '_' '-' '.' allowed. Letter should be first" }
 validates :owner, presence: true
diff --git a/app/models/project.rb b/app/models/project.rb
index 7ddc55cd3..262ca9f5f 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -59,7 +59,7 @@ class Project < ActiveRecord::Base
 validates :description, length: { within: 0..2000 }
 validates :name, presence: true, length: { within: 0..255 }
 validates :path, presence: true, length: { within: 0..255 },
- format: { with: /\A[a-zA-Z][a-zA-Z0-9_\-\.]*\z/,
+ format: { with: Gitlab::Regex.path_regex,
 message: "only letters, digits & '_' '-' '.' allowed. Letter should be first" }
 validates :issues_enabled, :wall_enabled, :merge_requests_enabled, :wiki_enabled, inclusion: { in: [true, false] }
diff --git a/app/models/user.rb b/app/models/user.rb
index 4f749699f..43163404e 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
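Review bot: The `message:` text is still copied next to each use of the shared pattern: in this `validates :path` call in namespace.rb, in the project.rb hunk, and in the new `:username` validation in user.rb. The rule now lives in `Gitlab::Regex` while its description lives in three models, so the two can drift apart when the pattern is changed. Consider a new method beside the pattern, for example `path_regex_message` in `Gitlab::Regex`, and passing `message: Gitlab::Regex.path_regex_message` at each call site. Both classes continue outside their hunks.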
@@ -41,8 +41,8 @@ class User < ActiveRecord::Base
 attr_accessible :email, :password, :password_confirmation, :remember_me, :bio, :name, :username, :skype, :linkedin, :twitter, :dark_scheme, :theme_id, :force_random_password,
- :extern_uid, :provider, :as => [:default, :admin]
- attr_accessible :projects_limit, :as => :admin
+ :extern_uid, :provider, as: [:default, :admin]
+ attr_accessible :projects_limit, as: :admin
 attr_accessor :force_random_password
@@ -63,9 +63,12 @@ class User < ActiveRecord::Base
 has_many :assigned_merge_requests, class_name: "MergeRequest", foreign_key: :assignee_id, dependent: :destroy
 validates :bio, length: { within: 0..255 }
- validates :extern_uid, :allow_blank => true, :uniqueness => {:scope => :provider}
+ validates :extern_uid, allow_blank: true, uniqueness: {scope: :provider}
 validates :projects_limit, presence: true, numericality: {greater_than_or_equal_to: 0}
- validates :username, presence: true
+ validates :username, presence: true, uniqueness: true,
+ format: { with: Gitlab::Regex.username_regex,
+ message: "only letters, digits & '_' '-' '.' allowed. Letter should be first" }
+
 before_validation :generate_password, on: :create
 before_save :ensure_authentication_token
diff --git a/app/views/admin/users/index.html.haml b/app/views/admin/users/index.html.haml
index 5ef94ef5f..5d0f6fe11 100644
--- a/app/views/admin/users/index.html.haml
+++ b/app/views/admin/users/index.html.haml
@@ -6,7 +6,7 @@
 = form_tag admin_users_path, method: :get, class: 'form-inline' do
 = text_field_tag :name, params[:name], class: "xlarge"
 = submit_tag "Search", class: "btn submit primary"
-%ul.nav.nav-pills
+%ul.nav.nav-tabs
 %li{class: "#{'active' unless params[:filter]}"}
 = link_to "Active", admin_users_path
 %li{class: "#{'active' if params[:filter] == "admins"}"}
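Review bot: `uniqueness: true` on `:username` compares case-sensitively by default, while `Gitlab::Regex.username_regex` admits both cases. `Alice` and `alice` (constructed examples) can therefore coexist and be mistaken for one another; `uniqueness: { case_sensitive: false }` closes that. The check is also a query followed by a write, and the patch's file list contains no migration, so unless `users.username` already has a unique index two concurrent requests can both pass it. No `length:` bound is set on the username, unlike `:path` in namespace.rb and project.rb. The `User` class continues outside the hunk.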
@@ -23,24 +23,25 @@
 %thead
 %th Admin
 %th Name
+ %th Username
 %th Email
 %th Projects
 %th Edit
- %th Blocked
 %th.cred Danger Zone!
 - @admin_users.each do |user|
 %tr
 %td= check_box_tag "admin", 1, user.admin, disabled: :disabled
 %td= link_to user.name, [:admin, user]
+ %td= user.username
 %td= user.email
 %td= user.users_projects.count
 %td= link_to 'Edit', edit_admin_user_path(user), id: "edit_#{dom_id(user)}", class: "btn small"
- %td
+ %td.bgred
 - if user.blocked
 = link_to 'Unblock', unblock_admin_user_path(user), method: :put, class: "btn small success"
 - else
 = link_to 'Block', block_admin_user_path(user), confirm: 'USER WILL BE BLOCKED! Are you sure?', method: :put, class: "btn small danger"
- %td.bgred= link_to 'Destroy', [:admin, user], confirm: "USER #{user.name} WILL BE REMOVED! Are you sure?", method: :delete, class: "btn small danger"
+ = link_to 'Destroy', [:admin, user], confirm: "USER #{user.name} WILL BE REMOVED! Are you sure?", method: :delete, class: "btn small danger"
 = paginate @admin_users, theme: "admin"
diff --git a/app/views/admin/users/show.html.haml b/app/views/admin/users/show.html.haml
index e73f4d108..6a42f787b 100644
--- a/app/views/admin/users/show.html.haml
+++ b/app/views/admin/users/show.html.haml
@@ -24,6 +24,12 @@
 %tr
 %td
 %b
+ Username:
+ %td
+ = @admin_user.username
+ %tr
+ %td
+ %b
 Admin:
 %td= check_box_tag "admin", 1, @admin_user.admin, disabled: :disabled
 %tr
diff --git a/app/views/profile/account.html.haml b/app/views/profile/account.html.haml
index 21a5f5a24..e2c5bcdb8 100644
--- a/app/views/profile/account.html.haml
+++ b/app/views/profile/account.html.haml
@@ -42,11 +42,11 @@
 .clearfix
 = f.label :password
- .input= f.password_field :password
+ .input= f.password_field :password, required: true
 .clearfix
 = f.label :password_confirmation
 .input
- = f.password_field :password_confirmation
+ = f.password_field :password_confirmation, required: true
 .clearfix
 .input
 = f.submit 'Save password', class: "btn save-btn"
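Review bot: `required: true` on the two password fields in account.html.haml is an HTML attribute checked only by the browser, so a request that does not come from this form still depends entirely on the server. The action behind 'Save password' is not part of this patch; confirm that it rejects a blank password and confirmation rather than treating them as "no change". The same attribute on the username field in the next hunk is backed by the model's `presence: true`, so nothing more is needed there.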
@@ -62,7 +62,7 @@
 .padded
 = f.label :username
 .input
- = f.text_field :username
+ = f.text_field :username, required: true
 .input
 = f.submit 'Save username', class: "btn save-btn"
diff --git a/lib/gitlab/regex.rb b/lib/gitlab/regex.rb
new file mode 100644
index 000000000..a3f38b1c3
--- /dev/null
+++ b/lib/gitlab/regex.rb
@@ -0,0 +1,19 @@
+module Gitlab
+ module Regex
+ extend self
+
+ def username_regex
+ default_regex
+ end
+
+ def path_regex
+ default_regex
+ end
+
+ protected
+
+ def default_regex
+ /\A[a-zA-Z][a-zA-Z0-9_\-\.]*\z/
+ end
+ end
+end
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index 824e8cfb7..279e315b6 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -58,6 +58,7 @@ describe User do
 end
 describe 'validations' do
+ it { should validate_presence_of(:username) }
 it { should validate_presence_of(:projects_limit) }
 it { should validate_numericality_of(:projects_limit) }
 it { should allow_value(0).for(:projects_limit) }
--
2.11.0
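Review bot: `default_regex` in lib/gitlab/regex.rb serves both usernames and namespace/project paths but has no comment, and it accepts values with a trailing `.` or a `.git` suffix. Whether those are harmless depends on how paths map to repository directories and routes, which this patch does not show, so confirm or tighten the pattern before relying on it for paths. A header comment would help, for example `# Shared validation patterns; anchored with \A and \z so a value containing a newline cannot pass on one of its lines alone.` `protected` under `extend self` is unusual; `private` states the intent (an internal helper) more conventionally, and the public methods still reach it.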
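Review bot: Only the presence rule gets a spec in user_spec.rb; the `uniqueness: true` and `format:` rules added to `validates :username` in user.rb are untested. Add format cases beside the new line, for example `it { should_not allow_value('1john').for(:username) }` and `it { should_not allow_value("john\nsmith").for(:username) }` (constructed values). The second pins the `\A`/`\z` anchoring, so a later switch to `^`/`$` would fail the suite. The `describe 'validations'` block continues outside the hunk.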