From 4b69d64db2915ab76303798c3f610e4b6e011cff Mon Sep 17 00:00:00 2001
From: Eliot Berriot
Date: Sat, 24 Mar 2018 20:31:36 +0100
Subject: [PATCH] Fix #139: We now restrict some usernames from being used during signup
---
 api/config/settings/common.py | 9 +++++++++
 api/tests/users/test_views.py | 17 +++++++++++++++++
 changes/changelog.d/139.enhancement | 1 +
 3 files changed, 27 insertions(+)
 create mode 100644 changes/changelog.d/139.enhancement
diff --git a/api/config/settings/common.py b/api/config/settings/common.py
index 077566d1c..2c72865f6 100644
--- a/api/config/settings/common.py
+++ b/api/config/settings/common.py
@@ -385,3 +385,12 @@ CSRF_USE_SESSIONS = True
 # Playlist settings
 PLAYLISTS_MAX_TRACKS = env.int('PLAYLISTS_MAX_TRACKS', default=250)
+
+ACCOUNT_USERNAME_BLACKLIST = [
+ 'funkwhale',
+ 'root',
+ 'admin',
+ 'owner',
+ 'superuser',
+ 'staff',
+] + env.list('ACCOUNT_USERNAME_BLACKLIST', default=[])
diff --git a/api/tests/users/test_views.py b/api/tests/users/test_views.py
index 02b903bf4..4be586965 100644
--- a/api/tests/users/test_views.py
+++ b/api/tests/users/test_views.py
@@ -23,6 +23,23 @@ def test_can_create_user_via_api(preferences, client, db):
 assert u.username == 'test1'
+def test_can_restrict_usernames(settings, preferences, db, client):
+ url = reverse('rest_register')
+ preferences['users__registration_enabled'] = True
+ settings.USERNAME_BLACKLIST = ['funkwhale']
+ data = {
+ 'username': 'funkwhale',
+ 'email': 'contact@funkwhale.io',
+ 'password1': 'testtest',
+ 'password2': 'testtest',
+ }
+
+ response = client.post(url, data)
+
+ assert response.status_code == 400
+ assert 'username' in response.data
+
+
 def test_can_disable_registration_view(preferences, client, db):
 url = reverse('rest_register')
 data = {
diff --git a/changes/changelog.d/139.enhancement b/changes/changelog.d/139.enhancement
new file mode 100644
index 000000000..c6648d139
--- /dev/null
+++ b/changes/changelog.d/139.enhancement
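Review bot: The defaults in `ACCOUNT_USERNAME_BLACKLIST` are hard-coded and the environment value is only appended to them, so a deployment can add reserved names but never drop one, and nothing on the assignment says so. A comment above it, for example `# Usernames rejected at signup; ACCOUNT_USERNAME_BLACKLIST in the environment extends (never replaces) this list`, would document that. The setting name suggests django-allauth consumes it, in which case entries are compared against the whole username, so impersonation-prone variants such as `administrator`, `moderator` or `support` still pass unless they are listed. It is worth deciding whether those belong in the defaults.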
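Review bot: The override in `test_can_restrict_usernames` writes `settings.USERNAME_BLACKLIST`, but the setting this commit adds is `ACCOUNT_USERNAME_BLACKLIST`, so the assignment appears to have no effect and the test passes only because `'funkwhale'` is already in the default list. Changing the line to `settings.ACCOUNT_USERNAME_BLACKLIST = ['reserved-name']` (a constructed name absent from the defaults) and posting that same username would prove the configured list is what gets enforced. It would also be worth asserting that a case variant such as `'FunkWhale'` is rejected and that no user was created after the 400 response. The trailing context of the hunk, `test_can_disable_registration_view`, continues outside it.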
@@ -0,0 +1 @@
+We now restrict some usernames from being used during signup (#139)