don't allow self registration of accounts where first name = last name (#48162)

2020-11-01 14:59:14 +01:00 · 2020-11-01 14:59:14 +01:00 · 6be11d73c7
parent 564291559f
commit 6be11d73c7
2 changed files with 54 additions and 0 deletions
--- a/init.rb
+++ b/init.rb
@ -5,6 +5,7 @@ require_dependency 'project_model_patch'
 require_dependency 'mailer_patch'
 require_dependency 'attachments_controller_patch'
 require_dependency 'git_adapter_patch'
+require_dependency 'account_controller_patch'

 Redmine::Plugin.register :redmine_entrouvert do
  name 'Redmine Entr\'ouvert plugin'
--- a/lib/account_controller_patch.rb
+++ b/lib/account_controller_patch.rb
@ -0,0 +1,53 @@
+module AccountControllerNameCheckPatch
+  def self.included(base)
+    base.class_eval do
+      def register
+        (redirect_to(home_url); return) unless Setting.self_registration? || session[:auth_source_registration]
+        if request.get?
+          session[:auth_source_registration] = nil
+          @user = User.new(:language => current_language.to_s)
+        else
+          user_params = params[:user] || {}
+          @user = User.new
+          @user.safe_attributes = user_params
+          @user.pref.attributes = params[:pref] if params[:pref]
+          @user.admin = false
+          if @user.firstname == @user.lastname
+            # common spam pattern
+            flash[:error] = "Error registering account."
+            redirect_to home_url
+            return
+          end
+          @user.register
+          if session[:auth_source_registration]
+            @user.activate
+            @user.login = session[:auth_source_registration][:login]
+            @user.auth_source_id = session[:auth_source_registration][:auth_source_id]
+            if @user.save
+              session[:auth_source_registration] = nil
+              self.logged_user = @user
+              flash[:notice] = l(:notice_account_activated)
+              redirect_to my_account_path
+            end
+          else
+            @user.login = params[:user][:login]
+            unless user_params[:identity_url].present? && user_params[:password].blank? && user_params[:password_confirmation].blank?
+              @user.password, @user.password_confirmation = user_params[:password], user_params[:password_confirmation]
+            end
+
+            case Setting.self_registration
+            when '1'
+              register_by_email_activation(@user)
+            when '3'
+              register_automatically(@user)
+            else
+              register_manually_by_administrator(@user)
+            end
+          end
+        end
+      end
+    end
+  end
+end
+
+AccountController.send(:include, AccountControllerNameCheckPatch)