From 5315870dbdcdbfc31696636e773f6dfd674b75d1 Mon Sep 17 00:00:00 2001
From: Las Zenow
Date: Sun, 8 Apr 2018 08:20:18 +0000
Subject: [PATCH] Be more strict validating user names

---
 lib/database/users.go | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/lib/database/users.go b/lib/database/users.go
index ad46164..66e5ed8 100644
--- a/lib/database/users.go
+++ b/lib/database/users.go
@@ -22,7 +22,7 @@ func (db *pgDB) AddUser(name string, pass string) error {
 if !validUserName(name) {
 return errors.New("Invalid user name")
 }
- num, err := db.sql.Model(&user{}).Where("username = ?", name).Count()
+ num, err := db.sql.Model(&user{}).Where("lower(username) = lower(?)", name).Count()
 if err != nil {
 log.Error("Error on database checking user ", name, ": ", err)
 return errors.New("An error happen on the database")
@@ -57,7 +57,7 @@ func (db *pgDB) GetRole(name string) (string, error) {

 func (db *pgDB) ValidPassword(name string, pass string) bool {
 var u user
- err := db.sql.Model(&u).Where("username = ?", name).Select()
+ err := db.sql.Model(&u).Where("lower(username) = lower(?)", name).Select()
 if err != nil {
 return false
 }
@@ -82,7 +82,12 @@ func (db *pgDB) SetPassword(name string, pass string) error {
 }

 func validUserName(name string) bool {
- return name != ""
+ switch name {
+ case "", "admin", "webmaster", "postmaster", "info", "root", "news":
+ return false
+ default:
+ return true
+ }
 }

 func hashPass(pass string) (hash []byte, salt []byte, err error) {
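Review bot: The case-insensitive `Count()` in AddUser is only a pre-check, so two concurrent registrations of `Alice` and `alice` can both see zero rows and both proceed. The insert and the table definition are outside this hunk, so this is inferred, but if the column carries only a plain unique constraint on `username`, uniqueness should be enforced on the expression instead, e.g. `CREATE UNIQUE INDEX <index_name> ON <users_table> (lower(username));` (placeholder names). That index also keeps the `lower(username) = lower(?)` lookups from scanning the whole table. Creating it will surface any existing accounts that already differ only by case. AddUser starts and ends outside the hunk.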
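Review bot: ValidPassword now accepts any casing of the name but returns only a bool, so the caller presumably carries on with the spelling the user typed rather than the stored one. GetRole and SetPassword appear in the hunk headers but are not changed by this patch; if they still match with `username = ?`, a login as `Alice` against a stored `alice` would authenticate and then miss or mismatch on the later lookups. Either use the same `lower(username) = lower(?)` comparison in every lookup, or have callers take the stored `username` from the selected row as the session identity. The rest of ValidPassword lies outside the hunk.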
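Review bot: The reserved-name `switch` in validUserName compares the raw string, so `Admin`, `ROOT` or `Info` still pass even though the queries in this patch now treat names case-insensitively. Fold the case before comparing, `switch strings.ToLower(name) {`, which needs the `strings` import if the file does not already have it. The check also still accepts names with leading or trailing whitespace or control characters, which can make one account look like another in listings and logs. A doc comment such as `// validUserName rejects empty and reserved names; the comparison is case-insensitive.` would record the intended rule.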