Limit username creation

2025-05-10 18:06:08 +02:00 · 2025-04-29 00:02:19 +02:00 · 2025-04-29 00:02:19 +02:00 · 655789e62d
commit 655789e62d
parent 339ba127eb
4 changed files with 72 additions and 11 deletions
--- a/src/routes/setUsername.ts
+++ b/src/routes/setUsername.ts
@ -70,6 +70,16 @@ export async function setUsername(req: Request, res: Response): Promise<Response
            if (await isUserBanned(hashedUserID)) {
                return res.sendStatus(200);
            }
+
+            const [segments, titles, thumbs] = await Promise.all([
+                db.prepare("get", `SELECT count(*) AS "count" FROM "sponsorTimes" WHERE "userID" = ? LIMIT 1`, [hashedUserID]),
+                db.prepare("get", `SELECT count(*) AS "count" FROM "titles" WHERE "userID" = ? LIMIT 1`, [hashedUserID]),
+                db.prepare("get", `SELECT count(*) AS "count" FROM "thumbnails" WHERE "userID" = ? LIMIT 1`, [hashedUserID]),
+            ]) as {count: number}[];
+
+            if (segments.count === 0 && titles.count === 0 && thumbs.count === 0) {
+                return res.sendStatus(200);
+            }
        }
    }
    catch (error) /* istanbul ignore next */ {
@ -91,6 +101,8 @@ export async function setUsername(req: Request, res: Response): Promise<Response
            } else {
                await db.prepare("run", `UPDATE "userNames" SET "userName" = ?, "locked" = ? WHERE "userID" = ?`, [userName, locked, hashedUserID]);
            }
+        } else if (userName === hashedUserID) {
+            return res.sendStatus(200);
        } else {
            //add to the db
            await db.prepare("run", `INSERT INTO "userNames"("userID", "userName", "locked") VALUES(?, ?, ?)`, [hashedUserID, userName, locked]);
--- a/test/cases/getUsername.ts
+++ b/test/cases/getUsername.ts
@ -1,6 +1,9 @@
 import { getHash } from "../../src/utils/getHash";
 import { client } from "../utils/httpClient";
 import assert from "assert";
+import { insertSegment } from "../utils/segmentQueryGen";
+import { db } from "../../src/databases/databases";
+import { HashedUserID } from "../../src/types/user.model";

 // helpers
 const getUsername = (userID: string) => client({
@ -22,6 +25,10 @@ const userOnePublic = getHash(userOnePrivate);
 const userOneUsername = "getUsername_username";

 describe("getUsername test", function() {
+    before(async () => {
+        await insertSegment(db, { userID: userOnePublic as HashedUserID });
+    });
+
    it("Should get back publicUserID if not set", (done) => {
        getUsername(userOnePrivate)
            .then(result => {
@ -50,4 +57,4 @@ describe("getUsername test", function() {
            })
            .catch(err => done(err));
    });
-});
+});
--- a/test/cases/setUsername.ts
+++ b/test/cases/setUsername.ts
@ -2,6 +2,8 @@ import { db, privateDB } from "../../src/databases/databases";
 import { getHash } from "../../src/utils/getHash";
 import assert from "assert";
 import { client } from "../utils/httpClient";
+import { insertSegment } from "../utils/segmentQueryGen";
+import { HashedUserID } from "../../src/types/user.model";

 const adminPrivateUserID = "testUserId";
 const user00PrivateUserID = "setUsername_00";
@ -21,6 +23,9 @@ const username06 = "Username 06";
 const user07PrivateUserID = "setUsername_07";
 const username07 = "Username 07";
 const user08PrivateUserID = "setUsername_08";
+const user09PrivateUserID = "setUsername_09";
+const completelyNewUsername = "Completely new user";
+const completelyNewUserPrivId = "setUsername_completelyNew";

 async function addUsername(userID: string, userName: string, locked = 0) {
    await db.prepare("run", 'INSERT INTO "userNames" ("userID", "userName", "locked") VALUES(?, ?, ?)', [userID, userName, locked]);
@ -35,8 +40,8 @@ async function getUsernameInfo(userID: string): Promise<{ userName: string, lock
    return row;
 }

-function addLogUserNameChange(userID: string, newUserName: string, oldUserName = "") {
-    privateDB.prepare("run",
+async function addLogUserNameChange(userID: string, newUserName: string, oldUserName = "") {
+    await privateDB.prepare("run",
        `INSERT INTO "userNameLogs"("userID", "newUserName", "oldUserName", "updatedAt", "updatedByAdmin") VALUES(?, ?, ?, ?, ?)`,
        [getHash(userID), newUserName, oldUserName, new Date().getTime(), + true]
    );
@ -88,6 +93,22 @@ describe("setUsername", () => {
        await addUsername(getHash(user05PrivateUserID), username05, 0);
        await addUsername(getHash(user06PrivateUserID), username06, 0);
        await addUsername(getHash(user07PrivateUserID), username07, 1);
+        await addUsername(getHash(user08PrivateUserID), "test", 0);
+
+        for (const privId of [
+            user00PrivateUserID,
+            user01PrivateUserID,
+            user02PrivateUserID,
+            user03PrivateUserID,
+            user04PrivateUserID,
+            user05PrivateUserID,
+            user06PrivateUserID,
+            user07PrivateUserID,
+            user08PrivateUserID,
+            user09PrivateUserID,
+        ]) {
+            await insertSegment(db, { userID: getHash(privId) as HashedUserID });
+        }
    });

    it("Should be able to set username that has never been set", (done) => {
@ -233,14 +254,23 @@ describe("setUsername", () => {
            .catch((err) => done(err));
    });

-    it("Should delete row if new username is same as publicID", (done) => {
+    it("Should delete existing username if new username is same as publicID", async () => {
        const publicID = getHash(user08PrivateUserID);
-        postSetUserName(getHash(user08PrivateUserID), publicID)
-            .then(() => {
-                getUsernameInfo(getHash(user08PrivateUserID))
-                    .then(usernameinfo => done(`Username should be deleted - ${usernameinfo})`))
-                    .catch(() => done());
-            })
-            .catch((err) => done(err));
+        const resp = await postSetUserName(user08PrivateUserID, publicID);
+        assert.strictEqual(resp.status, 200);
+        await assert.rejects(getUsernameInfo(publicID), "Expected the username to be deleted");
+    });
+
+    it("Should silently reject username change if new username is same as publicID", async () => {
+        const publicID = getHash(user09PrivateUserID);
+        const resp = await postSetUserName(user09PrivateUserID, publicID);
+        assert.strictEqual(resp.status, 200);
+        await assert.rejects(getUsernameInfo(publicID), "Expected the username change to be silently rejected");
+    });
+
+    it("Should ignore username change requests for new users", async () => {
+        const resp = await postSetUserName(completelyNewUserPrivId, completelyNewUsername);
+        assert.strictEqual(resp.status, 200);
+        await assert.rejects(getUsernameInfo(getHash(completelyNewUserPrivId)), "Expected the username change to be silently rejected");
    });
 });
--- a/test/cases/setUsernamePrivate.ts
+++ b/test/cases/setUsernamePrivate.ts
@ -4,6 +4,8 @@ import assert from "assert";
 import { client } from "../utils/httpClient";
 import { config } from "../../src/config";
 import sinon from "sinon";
+import { insertSegment } from "../utils/segmentQueryGen";
+import { HashedUserID } from "../../src/types/user.model";

 const USERID_LIMIT = 30;

@ -42,6 +44,16 @@ describe("setUsernamePrivate tests", () => {
    before(async () => {
        await addUsername(getHash(preExisting_underLimit), preExisting_underLimit, 0);
        await addUsername(getHash(preExisting_overLimit), preExisting_overLimit, 0);
+
+        for (const privId of [
+            preExisting_underLimit,
+            preExisting_overLimit,
+            newUser_underLimit,
+            newUser_overLimit,
+            otherUser
+        ]) {
+            await insertSegment(db, { userID: getHash(privId) as HashedUserID });
+        }
    });
    // stub minUserIDLength
    before(() => sinon.stub(config, "minUserIDLength").value(USERID_LIMIT));