From cac92973f7454484c01d12e121900218f4dcb42f Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Sun, 10 Aug 2025 13:09:52 +0000
Subject: [PATCH] accounts: Don't allow to register accounts containing the
 word "ipfire"

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 src/backend/accounts.py | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/backend/accounts.py b/src/backend/accounts.py
index 21181e22..659df06c 100644
--- a/src/backend/accounts.py
+++ b/src/backend/accounts.py
@@ -349,10 +349,14 @@ class Accounts(Object):
 	def uid_is_valid(self, uid):
 		# https://unix.stackexchange.com/questions/157426/what-is-the-regex-to-validate-linux-users
 		m = re.match(r"^[a-z_][a-z0-9_-]{3,31}$", uid)
-		if m:
-			return True
+		if m is None:
+			return False
 
-		return False
+		# UID cannot contain "ipfire"
+		if "ipfire" in uid:
+			return False
+
+		return True
 
 	def uid_exists(self, uid):
 		if self.get_by_uid(uid):
-- 
2.47.2