Add UsernameBlockListEntry and tie it to is_reserved, and the admin panel. (Fixes #831)#833
Open
MelissaAutumn wants to merge 1 commit into
Open
Add UsernameBlockListEntry and tie it to is_reserved, and the admin panel. (Fixes #831)#833MelissaAutumn wants to merge 1 commit into
UsernameBlockListEntry and tie it to is_reserved, and the admin panel. (Fixes #831)#833MelissaAutumn wants to merge 1 commit into
Conversation
af84e42 to
0fd5e5e
Compare
Contributor
|
(I pushed an amended commit to resolve the conflicts). |
markstos
approved these changes
May 21, 2026
markstos
left a comment
Contributor
There was a problem hiding this comment.
For what it's worth, The Ghost project also uses a two-tier system
for blocking. In their case it's for domains they want to ban from
registering because they are associated with spamming. They offer
both a system level defined in configuration as well as a user-editable
level stored in a database. It seems like a sensible approach here, too.
Security and validation here looks good enough for a admin-only feature for trusted users, but there some extra safeguards worth considering:
- Add max length guardrail to the field, like 1024 characters. Extremely long patterns could cause regex performance problems. But if untrusted users have admin access, there are bigger problems. Minor concern.
- I tested various edge cases which were valid, but it's not clear why need to support:
- Tested "**"
- Tested "?" and "[test]", as both these are treated specially by
fnmatch. It appears these additional characters are also treated specially as part of the regex, but it's not clear that we need to bother excluding them either. This variant of regex is forgiving and I couldn't find any combination which could cause a crash. Again, with trusted admins this is not a great concern.
QA Log
- Read the docs for https://docs.python.org/3/library/fnmatch.html#fnmatch.fnmatch
- Reviewed code
- Checked that DB index is present.
- Tested migration and /admin actions manually.
- Used
docker compose exec accounts ./manage.py migrateto run migration. - Shows up in admin area.
- Tested adding entries with various fnmatch edge cases
- Used
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #831
I don't like the part where I pull all entries and check them sequentially, but this works for now.
I didn't use a regex lookup so we could simply use
*for wildcard entries, the function also is case insensitive which is also good.