From e9bb5cbafae4b2b80c17733fcda35c8ea07d7fce Mon Sep 17 00:00:00 2001
From: Rodrigo Nascimento <rodrigoknascimento@gmail.com>
Date: Mon, 24 Aug 2015 13:52:12 -0300
Subject: [PATCH] Better validation and error handling for room rename. Fixes
 #566

---
 client/views/app/room.coffee       | 12 +++++++++++-
 server/methods/saveRoomName.coffee |  7 +++++++
 2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/client/views/app/room.coffee b/client/views/app/room.coffee
index 299baabfada..70c28eba85d 100644
--- a/client/views/app/room.coffee
+++ b/client/views/app/room.coffee
@@ -704,9 +704,10 @@ Template.room.onRendered ->
 	RoomHistoryManager.getMoreIfIsEmpty this.data._id
 
 renameRoom = (rid, name) ->
+	name = name?.toLowerCase().trim()
 	console.log 'room renameRoom' if window.rocketDebug
 	room = Session.get('roomData' + rid)
-	if room.name == name
+	if room.name is name
 		Session.set('editRoomTitle', false)
 		return false
 
@@ -723,6 +724,15 @@ renameRoom = (rid, name) ->
 
 			toastr.success t('Room_name_changed_successfully')
 		if error
+			if error.error is 'name-invalid'
+				toastr.error t('Invalid_room_name', name)
+				return
+			if error.error is 'duplicate-name'
+				if room.t is 'c'
+					toastr.error t('Duplicate_channel_name', name)
+				else
+					toastr.error t('Duplicate_private_group_name', name)
+				return
 			toastr.error error.reason
 
 toggleAddUser = ->
diff --git a/server/methods/saveRoomName.coffee b/server/methods/saveRoomName.coffee
index 0a271148787..be073725c46 100644
--- a/server/methods/saveRoomName.coffee
+++ b/server/methods/saveRoomName.coffee
@@ -8,11 +8,18 @@ Meteor.methods
 		if room.u._id isnt Meteor.userId() or room.t not in ['c', 'p']
 			throw new Meteor.Error 403, 'Not allowed'
 
+		if not /^[0-9a-z-_]+$/.test name
+			throw new Meteor.Error 'name-invalid'
+
 		name = _.slugify name
 
 		if name is room.name
 			return
 
+		# avoid duplicate names
+		if ChatRoom.findOne({name:name})
+			throw new Meteor.Error 'duplicate-name'
+
 		ChatRoom.update rid,
 			$set:
 				name: name