impr: dont allow taking blocklisted names via update account name

!nuf
Miodec 2025-01-03 23:15:31 +01:00
parent 8e38eae9bc
commit 2a6af862e7
2 changed files with 24 additions and 0 deletions


@ -783,6 +783,7 @@ describe("user controller test", () => {
});
});
describe("update name", () => {
const blocklistContainsMock = vi.spyOn(BlocklistDal, "contains");
const getPartialUserMock = vi.spyOn(UserDal, "getPartialUser");
const updateNameMock = vi.spyOn(UserDal, "updateName");
const addImportantLogMock = vi.spyOn(LogDal, "addImportantLog");
@ -791,6 +792,7 @@ describe("user controller test", () => {
getPartialUserMock.mockReset();
updateNameMock.mockReset();
addImportantLogMock.mockReset();
blocklistContainsMock.mockReset();
});
it("should update the username", async () => {
@ -819,6 +821,23 @@ describe("user controller test", () => {
uid
);
});
it("should fail if username is blocked", async () => {
//GIVEN
blocklistContainsMock.mockResolvedValue(true);
//WHEN
const { body } = await mockApp
.patch("/users/name")
.set("authorization", `Uid ${uid}`)
.send({ name: "newName" })
.expect(409);
//THEN
expect(body.message).toEqual("Username blocked");
expect(updateNameMock).not.toHaveBeenCalled();
});
it("should fail for banned users", async () => {
//GIVEN
getPartialUserMock.mockResolvedValue({ banned: true } as any);
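Review bot: The new "should fail if username is blocked" test never asserts what `BlocklistDal.contains` was called with, so it would still pass if the controller looked up the wrong field or ignored the requested name; add `expect(blocklistContainsMock).toHaveBeenCalledWith({ name: "newName" });` next to the `updateNameMock` assertion. The other tests in this `describe` now rely on whatever the spy does after `mockReset()`, which appears to differ between vitest versions (returning undefined versus falling back to the real implementation). Setting `blocklistContainsMock.mockResolvedValue(false);` in the reset hook would make the allowed path explicit. The `describe("update name")` block starts and ends outside these hunks.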


@ -326,6 +326,11 @@ export async function updateName(
const { uid } = req.ctx.decodedToken;
const { name } = req.body;
const blocklisted = await BlocklistDal.contains({ name });
if (blocklisted) {
throw new MonkeyError(409, "Username blocked");
}
const user = await UserDAL.getPartialUser(uid, "update name", [
"name",
"banned",
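Review bot: The blocklist lookup in `updateName` passes `name` exactly as it arrived in the request body, so whether a case or Unicode variant of a blocked name is rejected depends entirely on how `BlocklistDal.contains` normalises its input, which is not visible in this hunk. It is worth confirming that it folds the name the same way the other name checks do, and pinning that with a test that sends a differently-cased blocked name. A comment above the check, e.g. `// relies on BlocklistDal.contains normalising the name; keep in sync with the other name-taking paths`, would record the dependency. The rejected attempt is also not logged, although the test file spies on `LogDal.addImportantLog` for this endpoint; an audit entry would make repeated attempts visible. `updateName` starts and ends outside the hunk.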