Restrict emojis with a model validation
What does this MR do?
We currently validate name and username for emojis only on the frontend. This MR adds a gem (https://github.com/ticky/ruby-emoji-regex) to validate emojis in name and username on the Model. It is using the same emoji regex as the frontend.
Problem
There are users who have an emoji in their name. We also don't know about users on self-managed. If we'd add this validation and update a user, we could get a validation error. I can think of two potential solutions:
- Migration which removes emojis from name and username. This is more desirable from a data consistency point of view, but results in more issues:
  - We modify the name of our users, which doesn't sound right
  - Changing the username has other implications as well, since it's the name of their namespace and links to projects etc. no longer work
- Only validate when the name or username gets changed.
  - This wouldn't give us data consistency but new users will not be able to use emojis.
  - We need to keep this logic around forever
Any other ideas are welcome!
Issue: #197155
Screenshots (strongly suggested)
Does this MR meet the acceptance criteria?
Conformity
- Changelog entry
- Documentation (if required)
- Code review guidelines
- Merge request performance guidelines
- Style guides
- Database guides
- Separation of EE specific content
Availability and Testing
- Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
- Tested in all supported browsers
- Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
- Label as security and @ mention @gitlab-com/gl-security/appsec
- The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- Security reports checked/validated by a reviewer from the AppSec team
Edited by Nicolas Dular
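
The second option in the description (validate only when name or username changes), sketched in plain Ruby as an added example that is not the MR's code. `SketchUser`, its minimal dirty tracking and the `EMOJI` pattern are hypothetical stand-ins for the Rails model and the gem's regex; the sample record is constructed.

```ruby
# Stand-in for the gem's regex (assumption): Ruby's built-in Unicode emoji properties.
EMOJI = /[\p{Emoji_Presentation}\p{Extended_Pictographic}]/

# Hypothetical plain-Ruby model with minimal dirty tracking (no Rails needed).
class SketchUser
  CHECKED = %i[name username].freeze
  attr_reader :errors

  def initialize(attrs, persisted: false)
    @attrs = attrs.dup
    # Persisted records remember their stored values; new records have none.
    @saved = persisted ? attrs.dup : {}
    @errors = []
  end

  def assign(key, value)
    @attrs[key] = value
  end

  # New records have an empty @saved, so every attribute counts as changed.
  def changed?(key)
    @attrs[key] != @saved[key]
  end

  # Server-side check: only attributes that changed are tested for emojis,
  # so a legacy value is tolerated until someone edits it.
  def valid?
    @errors = CHECKED.select { |k| changed?(k) && @attrs[k].to_s.match?(EMOJI) }
                     .map { |k| "#{k} cannot contain emojis" }
    @errors.empty?
  end

  def save
    return false unless valid?
    @saved = @attrs.dup
    true
  end
end

# Constructed sample: a record stored before the validation existed.
def legacy_user
  SketchUser.new({ name: "Ana 🎉", username: "ana", email: "a@example.com" }, persisted: true)
end
```

An unrelated update on the legacy record still saves, while any edit to name or username, and every new record, has to pass the emoji check regardless of what the frontend sent.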