diff --git a/backend/__tests__/api/controllers/user.spec.ts b/backend/__tests__/api/controllers/user.spec.ts index 746d8696f..d6164eeb6 100644 --- a/backend/__tests__/api/controllers/user.spec.ts +++ b/backend/__tests__/api/controllers/user.spec.ts @@ -783,6 +783,7 @@ describe("user controller test", () => { }); }); describe("update name", () => { + const blocklistContainsMock = vi.spyOn(BlocklistDal, "contains"); const getPartialUserMock = vi.spyOn(UserDal, "getPartialUser"); const updateNameMock = vi.spyOn(UserDal, "updateName"); const addImportantLogMock = vi.spyOn(LogDal, "addImportantLog"); @@ -791,6 +792,7 @@ describe("user controller test", () => { getPartialUserMock.mockReset(); updateNameMock.mockReset(); addImportantLogMock.mockReset(); + blocklistContainsMock.mockReset(); }); it("should update the username", async () => { @@ -819,6 +821,23 @@ describe("user controller test", () => { uid ); }); + + it("should fail if username is blocked", async () => { + //GIVEN + blocklistContainsMock.mockResolvedValue(true); + + //WHEN + const { body } = await mockApp + .patch("/users/name") + .set("authorization", `Uid ${uid}`) + .send({ name: "newName" }) + .expect(409); + + //THEN + expect(body.message).toEqual("Username blocked"); + expect(updateNameMock).not.toHaveBeenCalled(); + }); + it("should fail for banned users", async () => { //GIVEN getPartialUserMock.mockResolvedValue({ banned: true } as any); diff --git a/backend/src/api/controllers/user.ts b/backend/src/api/controllers/user.ts index 755ec52fe..366d0d584 100644 --- a/backend/src/api/controllers/user.ts +++ b/backend/src/api/controllers/user.ts @@ -326,6 +326,11 @@ export async function updateName( const { uid } = req.ctx.decodedToken; const { name } = req.body; + const blocklisted = await BlocklistDal.contains({ name }); + if (blocklisted) { + throw new MonkeyError(409, "Username blocked"); + } + const user = await UserDAL.getPartialUser(uid, "update name", [ "name", "banned",