FIX: User can change name when auth_overrides_name is enabled.

This commit is contained in:
Alan Guo Xiang Tan 2021-07-28 14:07:18 +08:00
parent 343ea81ac3
commit 32951ca2f4
3 changed files with 32 additions and 14 deletions

View File

@ -97,7 +97,10 @@ class UserUpdater
end end
old_user_name = user.name.present? ? user.name : "" old_user_name = user.name.present? ? user.name : ""
user.name = attributes.fetch(:name) { user.name }
if guardian.can_edit_name?(user)
user.name = attributes.fetch(:name) { user.name }
end
user.locale = attributes.fetch(:locale) { user.locale } user.locale = attributes.fetch(:locale) { user.locale }
user.date_of_birth = attributes.fetch(:date_of_birth) { user.date_of_birth } user.date_of_birth = attributes.fetch(:date_of_birth) { user.date_of_birth }

View File

@ -1083,8 +1083,11 @@ describe UsersController do
expect(response.status).to eq(200) expect(response.status).to eq(200)
json = response.parsed_body json = response.parsed_body
expect(json['success']).to eq(true) expect(json['success']).to eq(true)
expect(User.last.username).to eq('testosama')
expect(User.last.name).to eq('Osama Test') user = User.last
expect(user.username).to eq('testosama')
expect(user.name).to eq('Osama Test')
end end
end end
@ -1821,6 +1824,17 @@ describe UsersController do
end end
end end
it "does not allow name to be updated if auth auth_overrides_name is enabled" do
SiteSetting.auth_overrides_name = true
sign_in(user)
put "/u/#{user.username}", params: { name: 'test.test' }
expect(response.status).to eq(200)
expect(user.reload.name).to_not eq('test.test')
end
context "when username contains a period" do context "when username contains a period" do
before do before do
sign_in(user) sign_in(user)

View File

@ -43,7 +43,7 @@ describe UserUpdater do
it 'saves user' do it 'saves user' do
user = Fabricate(:user, name: 'Billy Bob') user = Fabricate(:user, name: 'Billy Bob')
updater = UserUpdater.new(acting_user, user) updater = UserUpdater.new(user, user)
updater.update(name: 'Jim Tom') updater.update(name: 'Jim Tom')
@ -547,11 +547,10 @@ describe UserUpdater do
end end
it "logs the action" do it "logs the action" do
user_without_name = Fabricate(:user, name: nil)
user = Fabricate(:user, name: 'Billy Bob') user = Fabricate(:user, name: 'Billy Bob')
expect do expect do
UserUpdater.new(acting_user, user).update(name: 'Jim Tom') UserUpdater.new(user, user).update(name: 'Jim Tom')
end.to change { UserHistory.count }.by(1) end.to change { UserHistory.count }.by(1)
expect(UserHistory.last.action).to eq( expect(UserHistory.last.action).to eq(
@ -559,19 +558,21 @@ describe UserUpdater do
) )
expect do expect do
UserUpdater.new(acting_user, user).update(name: 'JiM TOm') UserUpdater.new(user, user).update(name: 'JiM TOm')
end.to_not change { UserHistory.count } end.to_not change { UserHistory.count }
expect do expect do
UserUpdater.new(acting_user, user).update(bio_raw: 'foo bar') UserUpdater.new(user, user).update(bio_raw: 'foo bar')
end.to_not change { UserHistory.count }
user_without_name = Fabricate(:user, name: nil)
expect do
UserUpdater.new(user_without_name, user_without_name).update(bio_raw: 'foo bar')
end.to_not change { UserHistory.count } end.to_not change { UserHistory.count }
expect do expect do
UserUpdater.new(acting_user, user_without_name).update(bio_raw: 'foo bar') UserUpdater.new(user_without_name, user_without_name).update(name: 'Jim Tom')
end.to_not change { UserHistory.count }
expect do
UserUpdater.new(acting_user, user_without_name).update(name: 'Jim Tom')
end.to change { UserHistory.count }.by(1) end.to change { UserHistory.count }.by(1)
expect(UserHistory.last.action).to eq( expect(UserHistory.last.action).to eq(
@ -579,7 +580,7 @@ describe UserUpdater do
) )
expect do expect do
UserUpdater.new(acting_user, user).update(name: '') UserUpdater.new(user, user).update(name: '')
end.to change { UserHistory.count }.by(1) end.to change { UserHistory.count }.by(1)
expect(UserHistory.last.action).to eq( expect(UserHistory.last.action).to eq(