From d3ae9f9a81224dbc149c4872c3ec8f238c303d65 Mon Sep 17 00:00:00 2001
From: Ludy
Date: Fri, 15 Nov 2024 10:36:59 +0100
Subject: [PATCH] Prohibit the registration of unauthorized usernames (#2240)
---
 .../software/SPDF/config/security/UserService.java | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/main/java/stirling/software/SPDF/config/security/UserService.java b/src/main/java/stirling/software/SPDF/config/security/UserService.java
index 4b130d11..6b1457dc 100644
--- a/src/main/java/stirling/software/SPDF/config/security/UserService.java
+++ b/src/main/java/stirling/software/SPDF/config/security/UserService.java
@@ -304,7 +304,13 @@ public class UserService implements UserServiceInterface {
 boolean isValidEmail =
 username.matches(
 "^(?=.{1,64}@)[A-Za-z0-9]+(\\.[A-Za-z0-9_+.-]+)*@[^-][A-Za-z0-9-]+(\\.[A-Za-z0-9-]+)*(\\.[A-Za-z]{2,})$");
- return isValidSimpleUsername || isValidEmail;
+
+ List notAllowedUserList = new ArrayList<>();
+ notAllowedUserList.add("ALL_USERS".toLowerCase());
+
+ boolean notAllowedUser = notAllowedUserList.contains(username.toLowerCase());
+
+ return (isValidSimpleUsername || isValidEmail) && !notAllowedUser;
 }
 
 private String getInvalidUsernameMessage() {
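Review bot: The reserved-name check folds case with the JVM default locale (`username.toLowerCase()`), so the comparison that keeps `ALL_USERS` from being registered depends on the server's locale setting; that is harmless for this one name, but a reserved name containing `I` would stop matching under a Turkish locale once the list grows. Use `username.toLowerCase(Locale.ROOT)` and keep the names in a constant such as `private static final Set<String> RESERVED_USERNAMES = Set.of("all_users");` rather than rebuilding an `ArrayList` on every call. `List notAllowedUserList` reads as a raw type here (the type argument may have been lost in rendering); it should be `List<String>` if it is not already. A one-line comment saying why `ALL_USERS` is reserved would help, since the hunk does not show what that name is used for. The enclosing method begins outside the hunk.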