Ticket #1096: 0001-Fix-1096-allow-and-_-in-usernames.patch

File 0001-Fix-1096-allow-and-_-in-usernames.patch, 3.3 KB (added by Loic Dachary, 9 years ago)
  • mediagoblin/auth/tools.py

    From c7b23383656a3dfb4027bfe3304cc118e7312ec9 Mon Sep 17 00:00:00 2001
    From: Loic Dachary <loic@dachary.org>
    Date: Tue, 12 Jan 2016 18:39:28 +0100
    Subject: [PATCH] Fix #1096 - allow - and _ in usernames
    
    Signed-off-by: Loic Dachary <loic@dachary.org>
    ---
     mediagoblin/auth/tools.py      |  2 +-
     mediagoblin/tests/test_auth.py | 26 ++++++++++++++++++++++++--
     2 files changed, 25 insertions(+), 3 deletions(-)
    
    diff --git a/mediagoblin/auth/tools.py b/mediagoblin/auth/tools.py
    index 5a47dae..9c16a98 100644
    a b def normalize_user_or_email_field(allow_email=True, allow_user=True):  
    5757            if not allow_user:
    5858                raise wtforms.ValidationError(nouser_msg)
    5959            wtforms.validators.Length(min=3, max=30)(form, field)
    60             wtforms.validators.Regexp(r'^\w+$')(form, field)
     60            wtforms.validators.Regexp(r'^[-_\w]+$')(form, field)
    6161            field.data = field.data.lower()
    6262        if field.data is None:  # should not happen, but be cautious anyway
    6363            raise wtforms.ValidationError(message)
  • mediagoblin/tests/test_auth.py

    diff --git a/mediagoblin/tests/test_auth.py b/mediagoblin/tests/test_auth.py
    index 62f77f7..cb971fd 100644
    a b def test_register_views(test_app):  
    8080    assert form.username.errors == [u'This field does not take email addresses.']
    8181    assert form.email.errors == [u'This field requires an email address.']
    8282
     83    ## invalid characters
     84    template.clear_test_template_context()
     85    test_app.post(
     86        '/auth/register/', {
     87            'username': 'ampersand&invalid',
     88            'email': 'easter@egg.com'})
     89    context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/register.html']
     90    form = context['register_form']
     91
     92    assert form.username.errors == [u'Invalid input.']
     93
    8394    ## At this point there should be no users in the database ;)
    8495    assert User.query.count() == 0
    8596
     97    ## mixture of characters from all valid ranges
     98    template.clear_test_template_context()
     99    test_app.post(
     100        '/auth/register/', {
     101            'username': 'Jean-Louis1_Le-Chat',
     102            'password': 'iamsohappy',
     103            'email': 'easter@egg.com'})
     104
     105    ## At this point there should on user in the database
     106    assert User.query.count() == 1
     107
    86108    # Successful register
    87109    # -------------------
    88110    template.clear_test_template_context()
    def test_register_views(test_app):  
    115137    assert request.session['user_id'] == six.text_type(new_user.id)
    116138
    117139    ## Make sure we get email confirmation, and try verifying
    118     assert len(mail.EMAIL_TEST_INBOX) == 1
     140    assert len(mail.EMAIL_TEST_INBOX) == 2
    119141    message = mail.EMAIL_TEST_INBOX.pop()
    120142    assert message['To'] == 'angrygrrl@example.org'
    121143    email_context = template.TEMPLATE_TEST_CONTEXT[
    def test_register_views(test_app):  
    187209    assert 'mediagoblin/auth/login.html' in template.TEMPLATE_TEST_CONTEXT
    188210
    189211    ## Make sure link to change password is sent by email
    190     assert len(mail.EMAIL_TEST_INBOX) == 1
     212    assert len(mail.EMAIL_TEST_INBOX) == 2
    191213    message = mail.EMAIL_TEST_INBOX.pop()
    192214    assert message['To'] == 'angrygrrl@example.org'
    193215    email_context = template.TEMPLATE_TEST_CONTEXT[