From 0212167b3e02c6932b6e33609bc29e6e7243c26c Mon Sep 17 00:00:00 2001 From: Kyle Drake Date: Tue, 23 May 2017 12:39:11 -0700 Subject: [PATCH] fix for username length spam --- models/site.rb | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/models/site.rb b/models/site.rb index 5ba07c4a..fc0f14ba 100644 --- a/models/site.rb +++ b/models/site.rb @@ -137,8 +137,9 @@ class Site < Sequel::Model DISPOSABLE_EMAIL_BLACKLIST_PATH = File.join(DIR_ROOT, 'files', 'disposable_email_blacklist.conf') BLOCK_JERK_THRESHOLD = 2 - MAXIMUM_TAGS = 5 + MAX_USERNAME_LENGTH = 25.freeze + MAX_USERNAME_LENGTH_CUTOFF = Time.parse('May 22, 2017') def self.newsletter_sites Site.select(:email). @@ -565,6 +566,10 @@ class Site < Sequel::Model !username.empty? && username.match(/^[a-zA-Z0-9_\-]+$/i) end + def username_too_long? + (new? || (created_at && created_at > MAX_USERNAME_LENGTH_CUTOFF)) && values[:username].length > MAX_USERNAME_LENGTH + end + def self.disposable_email_domains File.readlines(DISPOSABLE_EMAIL_BLACKLIST_PATH).collect {|d| d.strip} end @@ -890,6 +895,10 @@ class Site < Sequel::Model errors.add :username, 'Usernames can only contain letters, numbers, underscores and hyphens.' end + if username_too_long? + errors.add :username, "Username length cannot be greater than #{MAX_USERNAME_LENGTH} characters." + end + if new? && !values[:username].nil? && !values[:username].empty? # TODO regex fails for usernames <= 2 chars, tempfix for now. if new? && values[:username].nil? || (values[:username].length > 2 && !values[:username].match(VALID_HOSTNAME))
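Review bot: `Time.parse('May 22, 2017')` in the constants hunk carries no time zone, so the cutoff is midnight in whatever zone the process runs under, and which sites fall under the new limit can differ between hosts. Pinning the instant makes the boundary reproducible, for example `MAX_USERNAME_LENGTH_CUTOFF = Time.utc(2017, 5, 22)`, adjusted to the zone the deployment actually intended. The `.freeze` on `25` is a no-op because Integers are already frozen, so `MAX_USERNAME_LENGTH = 25` is equivalent. A short comment above the cutoff explaining that older sites are deliberately exempt would help the next reader.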
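Review bot: `username_too_long?` calls `values[:username].length` without a nil guard, so a new record with no username raises NoMethodError instead of producing a validation error. The third hunk calls it unconditionally, and the next context line there still checks `!values[:username].nil?`, which suggests nil can reach this point; the rest of the validation method is outside the hunk, so an earlier guard cannot be ruled out. `values[:username].to_s.length > MAX_USERNAME_LENGTH` keeps the check total. Separately, the context line above the new method validates with `/^[a-zA-Z0-9_\-]+$/i`, whose `^`/`$` anchors match per line, so a value with an embedded newline can pass the character check. Anchoring with `\A` and `\z` would close that gap if nothing later rejects such input.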