Skip to content

Add protected usernames restriction to sign-up #7887

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
f2c-ci-robot merged 9 commits into from
Oct 31, 2025
Merged

Add protected usernames restriction to sign-up #7887

f2c-ci-robot merged 9 commits into from
Oct 31, 2025

Conversation

@liuyiwuqing
Copy link
Contributor

@liuyiwuqing liuyiwuqing commented Oct 30, 2025
edited
Loading

What type of PR is this?

/kind feature

What this PR does / why we need it:

  • 自定义设置限制用户名注册
image 803e971cf23cebb212379cbc35c5d3a2

Which issue(s) this PR fixes:

Fixes #7165

Does this PR introduce a user-facing change?

用户注册支持设置受保护用户名

@liuyiwuqing
feat(auth): 添加限制用户名注册功能
2561ecc 
- 新增 RestrictedNameException 异常类用于处理受限用户名
- 在注册端点中添加对受限用户名的检查逻辑
- 更新模板文件以显示受限用户名错误信息
- 在系统设置中添加受限用户名配置项
- 支持多语言显示受限用户名错误提示
- 完善用户服务中的用户名验证逻辑
@f2c-ci-robot f2c-ci-robot bot added release-note Denotes a PR that will be considered when it comes time to generate release notes. kind/feature Categorizes issue or PR as related to a new feature. labels Oct 30, 2025
ruibaby
ruibaby requested changes Oct 30, 2025
View reviewed changes
liuyiwuqing and others added 3 commits October 30, 2025 16:04
@liuyiwuqing
Merge branch 'halo-dev:main' into username-registration-limit
b36a9c7
@liuyiwuqing
feat(core): 更新用户注册限制逻辑以支持保留用户名配置
b901ed2 
- 将系统设置中的 restrictedUsernames 字段重命名为 protectedUsernames
- 修改前端模板及多语言资源文件中相关错误提示文案
- 调整用户注册服务逻辑,支持通过逗号分隔的字符串配置保留用户名
- 更新系统默认保留用户名列表至配置项
- 优化前端提示信息键名为 form.error.protectedUsernames 并同步多语言翻译
@liuyiwuqing
Merge branch 'main' into username-registration-limit
5a2169c
@ruibaby ruibaby changed the title feat(auth): 添加限制用户名注册功能 Add protected usernames restriction to sign-up Oct 30, 2025
@ruibaby ruibaby added this to the 2.22.x milestone Oct 30, 2025
@ruibaby ruibaby added the area/core Issues or PRs related to the Halo Core label Oct 30, 2025
@ruibaby ruibaby requested review from JohnNiang and Copilot October 30, 2025 15:08
ruibaby
ruibaby reviewed Oct 30, 2025
View reviewed changes
Copy link
Member

@ruibaby ruibaby left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@f2c-ci-robot f2c-ci-robot bot added the lgtm Indicates that a PR is ready to be merged. label Oct 30, 2025
@codecov
Copy link

codecov bot commented Oct 30, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 26.66667% with 11 lines in your changes missing coverage. Please review.
✅ Project coverage is 61.19%. Comparing base (42c374d) to head (9ab70ef).
⚠️ Report is 232 commits behind head on main.

Files with missing lines Patch % Lines
...lo/app/core/user/service/impl/UserServiceImpl.java 36.36% 6 Missing and 1 partial ⚠️
...o/app/infra/exception/RestrictedNameException.java 0.00% 2 Missing ⚠️
...lo/app/security/preauth/PreAuthSignUpEndpoint.java 0.00% 2 Missing ⚠️
Additional details and impacted files 
@@             Coverage Diff              @@
##               main    #7887      +/-   ##
============================================
+ Coverage     59.55%   61.19%   +1.63%     
- Complexity     3812     3932     +120     
============================================
  Files           677      689      +12     
  Lines         23248    23498     +250     
  Branches       1500     1521      +21     
============================================
+ Hits          13846    14380     +534     
+ Misses         8764     8392     -372     
- Partials        638      726      +88

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Copilot AI reviewed Oct 30, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This pull request implements a protected usernames feature to prevent users from registering with reserved usernames during the signup process.

  • Adds a new RestrictedNameException to handle restricted username validation
  • Introduces a protectedUsernames configuration field in system settings with a default list of reserved names
  • Validates usernames against the protected list during signup with appropriate error handling and user-facing messages

Reviewed Changes

Copilot reviewed 10 out of 10 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
RestrictedNameException.java New exception class for restricted username validation
UserServiceImpl.java Implements username validation logic against protected list during signup
SystemSetting.java Adds protectedUsernames field to User settings model
system-setting.yaml Adds textarea field for configuring protected usernames with default values
PreAuthSignUpEndpoint.java Handles RestrictedNameException and maps to error state
signup.html Displays error message when restricted username is used
signup*.properties Adds localized error messages for restricted username validation

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

JohnNiang
JohnNiang requested changes Oct 30, 2025
View reviewed changes
Copy link
Member

@JohnNiang JohnNiang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for contributing this project!

I left two comments below.

@liuyiwuqing
feat(user): 提取用户名保护检查逻辑到独立方法
6deb1ec 
- 将受保护用户名检查逻辑提取到 isUsernameAllowed 方法中
- 使用 Set 替代 List 提高查找性能
- 添加用户名大小写不敏感比较
- 优化受保护用户名集合的构建过程
- 确保受保护用户名集合不可变且去重
@f2c-ci-robot f2c-ci-robot bot removed the lgtm Indicates that a PR is ready to be merged. label Oct 31, 2025
@liuyiwuqing
refactor(user): 移除未使用的List导入
547dc5a
@liuyiwuqing
fix(user):修复受保护用户名检查逻辑
1820824 
- 调整流操作顺序以确保唯一性检查在转换为小写后执行
- 修复可能因大小写导致的重复条目问题
@wan92hen
Copy link
Collaborator

wan92hen commented Oct 31, 2025

如果需要禁用的比较多,这种配置方式感觉略复杂。是否直接长本文加特定分隔符的配置方式就可以。

@ruibaby
Copy link
Member

ruibaby commented Oct 31, 2025

如果需要禁用的比较多,这种配置方式感觉略复杂。是否直接长本文加特定分隔符的配置方式就可以。

已经改了,#7887 (comment)

@liuyiwuqing 可以考虑更新下截图。

@liuyiwuqing
Copy link
Contributor Author

liuyiwuqing commented Oct 31, 2025

如果需要禁用的比较多,这种配置方式感觉略复杂。是否直接长本文加特定分隔符的配置方式就可以。

已经改了,#7887 (comment)

@liuyiwuqing 可以考虑更新下截图。

已更新相关截图

@ruibaby
Copy link
Member

ruibaby commented Oct 31, 2025

还有一个 checkstyle 的问题:https://github.com/halo-dev/halo/pull/7887/checks

修复之后就可以合并了。

@sonarqubecloud
Copy link

sonarqubecloud bot commented Oct 31, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@liuyiwuqing
Copy link
Contributor Author

liuyiwuqing commented Oct 31, 2025

还有一个 checkstyle 的问题:https://github.com/halo-dev/halo/pull/7887/checks

修复之后就可以合并了。

已修复

JohnNiang
JohnNiang approved these changes Oct 31, 2025
View reviewed changes
Copy link
Member

@JohnNiang JohnNiang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve

@f2c-ci-robot f2c-ci-robot bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Oct 31, 2025
ruibaby
ruibaby approved these changes Oct 31, 2025
View reviewed changes
Copy link
Member

@ruibaby ruibaby left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@f2c-ci-robot f2c-ci-robot bot added the lgtm Indicates that a PR is ready to be merged. label Oct 31, 2025
@f2c-ci-robot
Copy link

f2c-ci-robot bot commented Oct 31, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: JohnNiang, ruibaby

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@f2c-ci-robot f2c-ci-robot bot merged commit 5a47be9 into halo-dev:main Oct 31, 2025
10 checks passed
@ruibaby ruibaby modified the milestones: 2.22.x, 2.22.0 Oct 31, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@JohnNiang JohnNiang JohnNiang approved these changes

@ruibaby ruibaby ruibaby approved these changes

Assignees

@ruibaby ruibaby

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. area/core Issues or PRs related to the Halo Core kind/feature Categorizes issue or PR as related to a new feature. lgtm Indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes.

Projects

None yet

Milestone

2.22.0

Development

Successfully merging this pull request may close these issues.

希望能选择性禁止指定用户名注册

4 participants

@liuyiwuqing @wan92hen @ruibaby @JohnNiang