Buxfixed: if username contains space, it will cause @ commment failed to send out email and other

client/components/main/editor.js

@@ -94,7 +94,13 @@ Template.editor.onRendered(() => {
           currentBoard
             .activeMembers()
             .map(member => {
-              const username = Users.findOne(member.userId).username;
+              const user = Users.findOne(member.userId);
+              if (user._id === Meteor.userId()) {
+                return null;
+              }
+              const value = user.username;
+              const username =
+                value && value.match(/\s+/) ? `"${value}"` : value;
               return username.includes(term) ? username : null;
             })
             .filter(Boolean),
@@ -120,9 +126,10 @@ Template.editor.onRendered(() => {
       ? [
           ['view', ['fullscreen']],
           ['table', ['table']],
-          ['font', ['bold', 'underline']],
-          //['fontsize', ['fontsize']],
+          ['font', ['bold']],
           ['color', ['color']],
+          ['insert', ['video']], // iframe tag will be sanitized TODO if iframe[class=note-video-clip] can be added into safe list, insert video can be enabled
+          //['fontsize', ['fontsize']],
         ]
       : [
           ['style', ['style']],
@@ -345,11 +352,12 @@ Blaze.Template.registerHelper(
       }
       return member;
     });
-    const mentionRegex = /\B@([\w.]*)/gi;
+    const mentionRegex = /\B@(?:(?:"([\w.\s]*)")|([\w.]+))/gi; // including space in username
 
     let currentMention;
     while ((currentMention = mentionRegex.exec(content)) !== null) {
-      const [fullMention, username] = currentMention;
+      const [fullMention, quoteduser, simple] = currentMention;
+      const username = quoteduser || simple;
       const knowedUser = _.findWhere(knowedUsers, { username });
       if (!knowedUser) {
         continue;

models/activities.js

@@ -180,28 +180,34 @@ if (Meteor.isServer) {
       const comment = activity.comment();
       params.comment = comment.text;
       if (board) {
-        const atUser = /(?:^|>|\b|\s)@(\S+?)(?:\s|$|<|\b)/g;
         const comment = params.comment;
-        if (comment.match(atUser)) {
-          const commenter = params.user;
-          while (atUser.exec(comment)) {
-            const username = RegExp.$1;
-            if (commenter === username) {
-              // it's person at himself, ignore it?
-              continue;
-            }
-            const atUser =
-              Users.findOne(username) || Users.findOne({ username });
-            if (atUser && atUser._id) {
-              const uid = atUser._id;
-              params.atUsername = username;
-              params.atEmails = atUser.emails;
-              if (board.hasMember(uid)) {
-                title = 'act-atUserComment';
-                watchers = _.union(watchers, [uid]);
-              }
-            }
+        const knownUsers = board.members.map(member => {
+          const u = Users.findOne(member.userId);
+          if (u) {
+            member.username = u.username;
+            member.emails = u.emails;
           }
+          return member;
+        });
+        const mentionRegex = /\B@(?:(?:"([\w.\s]*)")|([\w.]+))/gi; // including space in username
+        let currentMention;
+        while ((currentMention = mentionRegex.exec(comment)) !== null) {
+          /*eslint no-unused-vars: ["error", { "varsIgnorePattern": "[iI]gnored" }]*/
+          const [ignored, quoteduser, simple] = currentMention;
+          const username = quoteduser || simple;
+          if (username === params.user) {
+            // ignore commenter mention himself?
+            continue;
+          }
+          const atUser = _.findWhere(knownUsers, { username });
+          if (!atUser) {
+            continue;
+          }
+          const uid = atUser.userId;
+          params.atUsername = username;
+          params.atEmails = atUser.emails;
+          title = 'act-atUserComment';
+          watchers = _.union(watchers, [uid]);
         }
       }
       params.commentId = comment._id;