
Restrict emojis with a model validation

Nicolas Dular requested to merge nicolasdular/name-unit-specs into master

What does this MR do?

We currently validate name and username for emojis only on the frontend. This MR adds a gem (https://github.com/ticky/ruby-emoji-regex) to validate emojis in name and username on the Model. It is using the same emoji regex as the frontend.

Problem

There are users who have an emoji in their name. We also don't know about users on self-managed. If we added this validation and updated a user, we could get a validation error. I can think of two potential solutions:

  1. Migration which removes emojis from name and username. This is more desirable from a data consistency point of view, but results in more issues:
    1. We modify the name of our users, which doesn't sound right
    2. Changing the username has other implications as well, since it's the name of their namespace and links to projects etc. no longer work
  2. Only validate when the name or username gets changed.
    1. This wouldn't give us data consistency but new users will not be able to use emojis.
    2. We need to keep this logic around forever

Any other ideas are welcome!

Issue: #197155

Screenshots (strongly suggested)

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team
Edited by Nicolas Dular
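
Option 2 from the description (validate only when the name or username changes), sketched in plain Ruby as an added example that is not part of this MR or GitLab's code. `UserRecord`, `GUARDED`, `legacy_user` and the `EMOJI` pattern are hypothetical; the pattern is a stand-in for the regex shipped by the gem.

```ruby
# Stand-in pattern (assumption): matches Emoji_Presentation code points only.
# The MR uses the regex shipped by the ruby-emoji-regex gem instead.
EMOJI = /\p{Emoji_Presentation}/

# Hypothetical minimal record with dirty tracking; not GitLab's User model.
class UserRecord
  GUARDED = %i[name username].freeze
  attr_reader :errors

  def initialize(stored)
    @stored = stored.dup # values already in the database, possibly legacy
    @pending = {}
    @errors = []
  end

  # Record only attributes whose value differs from what is stored.
  def assign(attrs)
    attrs.each { |key, value| @pending[key] = value unless @stored[key] == value }
    self
  end

  def changed?(attr)
    @pending.key?(attr)
  end

  # Server-side check: runs for every write path (UI, API, import),
  # but only for guarded attributes that this update actually changes.
  def valid?
    @errors = GUARDED.select { |a| changed?(a) && @pending[a].to_s.match?(EMOJI) }
                     .map { |a| "#{a} cannot contain emoji" }
    @errors.empty?
  end

  def save
    return false unless valid?
    @stored.merge!(@pending)
    @pending.clear
    true
  end
end

# Constructed sample data: a legacy account whose stored name has an emoji.
def legacy_user
  UserRecord.new({ name: "Ada \u{1F600}", username: "ada", bio: "" })
end
```

A legacy record can still save unrelated changes, while any new value for `name` or `username` that contains an emoji is rejected regardless of which client sent it.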
