prevent users to validate nicknames/emails taken by user groups (#9452)…

… (#9527) Co-authored-by: Ivan Vergés <ivan@platoniq.net>
decidim · Jul 13, 2022 · 806bd45 · 806bd45
1 parent 5a17a00
commit 806bd45
Show file tree

Hide file tree

Showing 4 changed files with 64 additions and 21 deletions.
diff --git a/decidim-core/app/forms/decidim/account_form.rb b/decidim-core/app/forms/decidim/account_form.rb
@@ -50,7 +50,7 @@ def password_present
     end
 
     def unique_email
-      return true if Decidim::User.where(
+      return true if Decidim::UserBaseEntity.where(
         organization: context.current_organization,
         email: email
       ).where.not(id: context.current_user.id).empty?
@@ -60,9 +60,10 @@ def unique_email
     end
 
     def unique_nickname
-      return true if Decidim::User.where(
-        organization: context.current_organization,
-        nickname: nickname
+      return true if Decidim::UserBaseEntity.where(
+        "decidim_organization_id = ? AND LOWER(nickname) = ? ",
+        context.current_organization.id,
+        nickname.downcase
       ).where.not(id: context.current_user.id).empty?
 
       errors.add :nickname, :taken

diff --git a/decidim-core/app/forms/decidim/registration_form.rb b/decidim-core/app/forms/decidim/registration_form.rb
@@ -35,11 +35,17 @@ def newsletter_at
     private
 
     def email_unique_in_organization
-      errors.add :email, :taken if User.no_active_invitation.find_by(email: email, organization: current_organization).present?
+      errors.add :email, :taken if valid_users.find_by(email: email, organization: current_organization).present?
     end
 
     def nickname_unique_in_organization
-      errors.add :nickname, :taken if User.no_active_invitation.find_by(nickname: nickname, organization: current_organization).present?
+      return false unless nickname
+
+      errors.add :nickname, :taken if valid_users.find_by("LOWER(nickname)= ? AND decidim_organization_id = ?", nickname.downcase, current_organization.id).present?
+    end
+
+    def valid_users
+      UserBaseEntity.where(invitation_token: nil)
     end
 
     def no_pending_invitations_exist

diff --git a/decidim-core/spec/forms/account_form_spec.rb b/decidim-core/spec/forms/account_form_spec.rb
@@ -59,10 +59,20 @@ module Decidim
       end
 
       context "when it's already in use in the same organization" do
-        let!(:existing_user) { create(:user, email: email, organization: organization) }
+        context "and belongs to a user" do
+          let!(:existing_user) { create(:user, email: email, organization: organization) }
 
-        it "is invalid" do
-          expect(subject).not_to be_valid
+          it "is invalid" do
+            expect(subject).not_to be_valid
+          end
+        end
+
+        context "and belongs to a group" do
+          let!(:existing_group) { create(:user_group, email: email, organization: organization) }
+
+          it "is invalid" do
+            expect(subject).not_to be_valid
+          end
         end
       end
 
@@ -85,10 +95,20 @@ module Decidim
       end
 
       context "when it's already in use in the same organization" do
-        let!(:existing_user) { create(:user, nickname: nickname, organization: organization) }
+        context "and belongs to a user" do
+          let!(:existing_user) { create(:user, nickname: nickname, organization: organization) }
 
-        it "is invalid" do
-          expect(subject).not_to be_valid
+          it "is invalid" do
+            expect(subject).not_to be_valid
+          end
+        end
+
+        context "and belongs to a group" do
+          let!(:existing_group) { create(:user_group, nickname: nickname, organization: organization) }
+
+          it "is invalid" do
+            expect(subject).not_to be_valid
+          end
         end
       end
 

diff --git a/decidim-core/spec/forms/registration_form_spec.rb b/decidim-core/spec/forms/registration_form_spec.rb
@@ -66,26 +66,42 @@ module Decidim
     end
 
     context "when the email already exists" do
-      let!(:user) { create(:user, organization: organization, email: email) }
+      context "and a user has the email" do
+        let!(:user) { create(:user, organization: organization, email: email) }
 
-      it { is_expected.to be_invalid }
+        it { is_expected.to be_invalid }
+
+        context "and is pending to accept the invitation" do
+          let!(:user) { create(:user, organization: organization, email: email, invitation_token: "foo", invitation_accepted_at: nil) }
 
-      context "and is pending to accept the invitation" do
-        let!(:user) { create(:user, organization: organization, email: email, invitation_token: "foo", invitation_accepted_at: nil) }
+          it { is_expected.to be_invalid }
+        end
+      end
+
+      context "and a user_group has the email" do
+        let!(:user_group) { create(:user_group, organization: organization, email: email) }
 
         it { is_expected.to be_invalid }
       end
     end
 
     context "when the nickname already exists" do
-      let!(:user) { create(:user, organization: organization, nickname: nickname) }
+      context "and a user has the nickname" do
+        let!(:user) { create(:user, organization: organization, nickname: nickname.upcase) }
 
-      it { is_expected.to be_invalid }
+        it { is_expected.to be_invalid }
+
+        context "and is pending to accept the invitation" do
+          let!(:user) { create(:user, organization: organization, nickname: nickname, invitation_token: "foo", invitation_accepted_at: nil) }
 
-      context "and is pending to accept the invitation" do
-        let!(:user) { create(:user, organization: organization, nickname: nickname, invitation_token: "foo", invitation_accepted_at: nil) }
+          it { is_expected.to be_valid }
+        end
+      end
 
-        it { is_expected.to be_valid }
+      context "and a user_group has the nickname" do
+        let!(:user_group) { create(:user_group, organization: organization, nickname: nickname) }
+
+        it { is_expected.to be_invalid }
       end
     end