From 372b22aa48413ffc0264148455e36a7fb17d7718 Mon Sep 17 00:00:00 2001
From: Kyle Drake <kyle@kyledrake.net>
Date: Thu, 3 Oct 2024 14:22:46 -0500
Subject: [PATCH] fix for username regex

---
 models/site.rb                   |  2 +-
 tests/acceptance/signup_tests.rb |  8 ++++++++
 tests/site_tests.rb              | 11 +++++++++++
 3 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/models/site.rb b/models/site.rb
index 84d00ef0..365d5444 100644
--- a/models/site.rb
+++ b/models/site.rb
@@ -683,7 +683,7 @@ class Site < Sequel::Model
   end
 
   def self.valid_username?(username)
-    !username.empty? && username.match(/^[a-zA-Z0-9][a-zA-Z0-9_\-]+[a-zA-Z0-9]$/i)
+    !username.empty? && username.match(/^[a-zA-Z0-9]([a-zA-Z0-9_\-]{0,}[a-zA-Z0-9])?$/i) != nil
   end
 
   def self.disposable_email_domains_whitelist
diff --git a/tests/acceptance/signup_tests.rb b/tests/acceptance/signup_tests.rb
index 9917e0a2..8f9b8117 100644
--- a/tests/acceptance/signup_tests.rb
+++ b/tests/acceptance/signup_tests.rb
@@ -25,6 +25,10 @@ describe 'signup' do
   end
 
   before do
+    reset_signup
+  end
+
+  def reset_signup
     Capybara.default_driver = :selenium_chrome_headless_largewindow
     Capybara.reset_sessions!
     visit_signup
@@ -107,9 +111,13 @@ describe 'signup' do
     fill_in 'username', with: '|\|0p|E'
     click_signup_button
     _(page).must_have_content 'Usernames can only contain'
+    reset_signup
+    fill_in_valid
     fill_in 'username', with: 'nope-'
     click_signup_button
     _(page).must_have_content 'Usernames can only contain'
+    reset_signup
+    fill_in_valid
     fill_in 'username', with: '-nope'
     click_signup_button
     _(page).must_have_content 'Usernames can only contain'
diff --git a/tests/site_tests.rb b/tests/site_tests.rb
index 939453a1..93cc185b 100644
--- a/tests/site_tests.rb
+++ b/tests/site_tests.rb
@@ -5,6 +5,17 @@ def app
 end
 
 describe Site do
+  describe 'username' do
+    it 'only passes valid hostnames for username' do
+      _(Site.valid_username?('|\|0p|E')).must_equal false
+      _(Site.valid_username?('nope-')).must_equal false
+      _(Site.valid_username?('-nope')).must_equal false
+      _(Site.valid_username?('do-pe')).must_equal true
+      _(Site.valid_username?('d')).must_equal true
+      _(Site.valid_username?('do')).must_equal true
+    end
+  end
+
   describe 'banning' do
     it 'still makes files available' do
       site = Fabricate :site