server/users: fix detecting duplicate user names

server/szurubooru/api/user_api.py

@@ -17,7 +17,7 @@ class UserListApi(BaseApi):
         name = ctx.get_param_as_string('name', required=True)
         password = ctx.get_param_as_string('password', required=True)
         email = ctx.get_param_as_string('email', required=False, default='')
-        user = users.create_user(name, password, email, ctx.user)
+        user = users.create_user(name, password, email)
         if ctx.has_param('rank'):
             users.update_user_rank(
                 user, ctx.get_param_as_string('rank'), ctx.user)
@@ -42,8 +42,7 @@ class UserDetailApi(BaseApi):
         infix = 'self' if ctx.user.user_id == user.user_id else 'any'
         if ctx.has_param('name'):
             auth.verify_privilege(ctx.user, 'users:edit:%s:name' % infix)
-            users.update_user_name(
-                user, ctx.get_param_as_string('name'), ctx.user)
+            users.update_user_name(user, ctx.get_param_as_string('name'))
         if ctx.has_param('password'):
             auth.verify_privilege(ctx.user, 'users:edit:%s:pass' % infix)
             users.update_user_password(

server/szurubooru/func/users.py

@@ -72,9 +72,9 @@ def get_user_by_name_or_email(name_or_email):
         raise UserNotFoundError('User %r not found.' % name_or_email)
     return user
 
-def create_user(name, password, email, auth_user):
+def create_user(name, password, email):
     user = db.User()
-    update_user_name(user, name, auth_user)
+    update_user_name(user, name)
     update_user_password(user, password)
     update_user_email(user, email)
     if get_user_count() > 0:
@@ -85,13 +85,13 @@ def create_user(name, password, email, auth_user):
     user.avatar_style = db.User.AVATAR_GRAVATAR
     return user
 
-def update_user_name(user, name, auth_user):
+def update_user_name(user, name):
     if not name:
         raise InvalidUserNameError('Name cannot be empty.')
     if util.value_exceeds_column_size(name, db.User.name):
         raise InvalidUserNameError('User name is too long.')
     other_user = try_get_user_by_name(name)
-    if other_user and other_user.user_id != auth_user.user_id:
+    if other_user and other_user.user_id != user.user_id:
         raise UserAlreadyExistsError('User %r already exists.' % name)
     name = name.strip()
     name_regex = config.config['user_name_regex']

server/szurubooru/tests/api/test_user_updating.py

@@ -152,12 +152,32 @@ def test_trying_to_become_someone_else(test_ctx):
     db.session.add_all([user1, user2])
     with pytest.raises(users.UserAlreadyExistsError):
         test_ctx.api.put(
-            test_ctx.context_factory(input={'name': 'her'}, user=user1),
-            'me')
+            test_ctx.context_factory(input={'name': 'her'}, user=user1), 'me')
     with pytest.raises(users.UserAlreadyExistsError):
         test_ctx.api.put(
             test_ctx.context_factory(input={'name': 'HER'}, user=user1), 'me')
 
+def test_trying_to_make_someone_into_someone_else(test_ctx):
+    user1 = test_ctx.user_factory(name='him', rank=db.User.RANK_REGULAR)
+    user2 = test_ctx.user_factory(name='her', rank=db.User.RANK_REGULAR)
+    user3 = test_ctx.user_factory(name='me', rank=db.User.RANK_MODERATOR)
+    db.session.add_all([user1, user2, user3])
+    with pytest.raises(users.UserAlreadyExistsError):
+        test_ctx.api.put(
+            test_ctx.context_factory(input={'name': 'her'}, user=user3), 'him')
+    with pytest.raises(users.UserAlreadyExistsError):
+        test_ctx.api.put(
+            test_ctx.context_factory(input={'name': 'HER'}, user=user3), 'him')
+
+def test_renaming_someone_else(test_ctx):
+    user1 = test_ctx.user_factory(name='him', rank=db.User.RANK_REGULAR)
+    user2 = test_ctx.user_factory(name='me', rank=db.User.RANK_MODERATOR)
+    db.session.add_all([user1, user2])
+    test_ctx.api.put(
+        test_ctx.context_factory(input={'name': 'himself'}, user=user2), 'him')
+    test_ctx.api.put(
+        test_ctx.context_factory(input={'name': 'HIMSELF'}, user=user2), 'himself')
+
 def test_mods_trying_to_become_admin(test_ctx):
     user1 = test_ctx.user_factory(name='u1', rank=db.User.RANK_MODERATOR)
     user2 = test_ctx.user_factory(name='u2', rank=db.User.RANK_MODERATOR)