From 3948541f1072a9341393ee7826ae3f56aaa1a7a7 Mon Sep 17 00:00:00 2001
From: Prommah <prommah@prommah.com>
Date: Thu, 24 Sep 2015 01:35:30 +0100
Subject: [PATCH] Stricter SteamID validation

---
 app/models/user.rb | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)

diff --git a/app/models/user.rb b/app/models/user.rb
index 12554f6..04465fd 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -100,7 +100,8 @@ class User < ActiveRecord::Base
   scope :idle,
     :conditions => ["lastvisit < ?", 30.minutes.ago.utc]
 
-  validates_uniqueness_of :username, :email, :steamid
+  validates_uniqueness_of :username, :email
+  validates_uniqueness_of :steamid, :allow_nil => true
   validates_length_of :firstname, :in => 1..15, :allow_blank => true
   validates_length_of :lastname, :in => 1..25, :allow_blank => true
   validates_length_of :username, :in => 2..20
@@ -108,8 +109,9 @@ class User < ActiveRecord::Base
     validates_presence_of :raw_password, :on => :create
   validates_length_of :email, :maximum => 50
   validates_format_of :email, :with => /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z/i
-  validates_length_of :steamid, :maximum => 30
-  validates_format_of :steamid, :with => /\A([0-9]{1,10}:){2}[0-9]{1,10}\Z/
+  validates_length_of :steamid, :maximum => 14
+  validates :steamid, presence: true, on: :create
+  validate :validate_steamid
     validates_length_of :time_zone, :maximum => 100, :allow_blank => true, :allow_nil => true
   validates_inclusion_of [:public_email], :in => [true, false], :allow_nil => true
   validate :validate_team
@@ -117,6 +119,8 @@ class User < ActiveRecord::Base
   before_create :init_variables
   before_validation :update_password
 
+  before_save :correct_steamid_universe
+
   accepts_nested_attributes_for :profile
 
   acts_as_versioned
@@ -238,6 +242,18 @@ class User < ActiveRecord::Base
     issues.unread_by(self)
   end
 
+  def validate_steamid
+    if !(self.steamid.nil? || (m = self.steamid.match(/\A([01]):([01]):(\d{1,10})\Z/) and accid = (m[3].to_i<<1)+m[2].to_i and accid > 0 and accid <= 4294967295))
+      errors.add :steamid
+    end
+  end
+
+  def correct_steamid_universe
+    if self.steamid
+      self.steamid[0] = "0"
+    end
+  end
+
   def validate_team
     if team and !active_teams.exists?({:id => team.id})
       errors.add :team