Freegle / Iznik / 4619 / 4619

70%

master: 70%

push

circleci

feat: sanitize misleading display names for non-mod users (#165)

Non-moderator users whose display name trades on the Freegle brand or
poses as a generic authority persona ("Admin", "Prize Winner") now
have their name rewritten to "A freegler" on display. Storage is
untouched — the user receives no signal that their name has been
flagged.

Exempt: systemrole Moderator/Support/Admin, or Owner/Moderator on any
group (many volunteers legitimately use Freegle-themed names).

Detection rules (see iznik-server-go/user/namevalidation.go):
 1. Any token fuzzy-matches a Tier A brand word (Damerau-Levenshtein
    ≤ 2, bounded by length difference).
 2. Concatenated form (obfuscation-resistant) matches a Tier A word.
 3. Weak-brand token ("freegler") alongside a Tier B authority word.
 4. Every token is a Tier B authority word.

Normalisation handles NFKD (diacritics, ZWJ), leet-speak (0→o, 3→e…)
and non-alphanumeric stripping, so "Fr33gle Supp0rt", "i Love freegle
Team" and "free.cycle" all match.

Applied at two egress points:
 - Go API GetUserById (primary user fetch path)
 - Laravel batch User::display_name accessor (emails)

The frontend resolves display names via the user store, so the Go
sanitiser covers user-facing API responses. V2 API stays ID-only.

TDD: failing tests first, then implementation.

Addresses Discourse thread #9587.

4597 of 10275 branches covered (44.74%)

Branch coverage included in aggregate %.

2037 of 4256 relevant lines covered (47.86%)

77.14 hits per line