From 36ac66303af5e70fba351bd4d4bb90def65e092b Mon Sep 17 00:00:00 2001
From: Alexander Machehin
Date: Wed, 7 Nov 2012 15:30:34 +0600
Subject: [PATCH] fixed user uname validation
---
 app/models/user.rb | 2 +-
 spec/models/user_spec.rb | 8 +++++++-
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/app/models/user.rb b/app/models/user.rb
index fe76e0b3e..57f74a044 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -29,7 +29,7 @@ class User < Avatar
 has_many :key_pairs
- validates :uname, :presence => true, :uniqueness => {:case_sensitive => false}, :format => {:with => /^[a-z0-9_]+$/}, :reserved_name => true
+ validates :uname, :presence => true, :uniqueness => {:case_sensitive => false}, :format => {:with => /\A[a-z0-9_]+\Z/}, :reserved_name => true
 validate { errors.add(:uname, :taken) if Group.by_uname(uname).present? }
 validates :role, :inclusion => {:in => ROLES}, :allow_blank => true
 validates :language, :inclusion => {:in => LANGUAGES}, :allow_blank => true
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index 75e39175d..38cc1f01b 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -45,7 +45,7 @@ describe User do
 context 'for group project' do
 before(:each) do
 @project.relations.destroy_all
-
+
 @project.owner = @group
 @project.save
 @project.relations.create :actor_id => @project.owner.id, :actor_type => @project.owner.class.to_s, :role => 'admin'
@@ -92,4 +92,10 @@ describe User do
 end
 end
+ context "User creating" do
+ it "'hacked' uname should not pass" do
+ lambda {User.create! :uname => "new_user\nhacked!", :email => 'new_user@hacker.mm',
+ :password => '123456'}.should raise_error(ActiveRecord::RecordInvalid)
+ end
+ end
 end
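Review bot: The new pattern `/\A[a-z0-9_]+\Z/` on the `validates :uname` line in app/models/user.rb still accepts a value ending in a single newline, because Ruby's `\Z` matches just before a final `\n` as well as at the very end of the string, whereas `\z` matches only at the end. I would change the option to `:format => {:with => /\A[a-z0-9_]+\z/}`. The spec added in the last hunk of spec/models/user_spec.rb only exercises a newline in the middle of the value (`"new_user\nhacked!"`), so it passes with either anchor; a second example using `:uname => "new_user\n"` would pin the trailing-newline case. Whether such a value can reach the model unstripped depends on callers that are not visible in this patch.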