Solved a security issue

Users could create accounts named Admin, ROOT, etc.
2019-11-21 16:27:53 +01:00 · 2019-11-21 16:27:53 +01:00 · ad41b5be38
parent 2ed10a5a9d
commit ad41b5be38
1 changed files with 2 additions and 2 deletions
--- a/app/utils/valid_name.py
+++ b/app/utils/valid_name.py
@ -27,7 +27,7 @@ def valid_name(name, msg=False):

    # Rule 2
    try:
-        normalize(name)
+        normalized_name = normalize(name)
    except ValueError:
        errors.append("cant-normalize")

@ -36,7 +36,7 @@ def valid_name(name, msg=False):
        errors.append("no-letter")

    # Rule 4
-    if name in V5Config.FORBIDDEN_USERNAMES:
+    if normalized_name in V5Config.FORBIDDEN_USERNAMES:
        errors.append("forbidden")

    return True if errors == [] else errors