Restrict usernames to lowercase, digits, and hyphens.
[zzz-floof.git] / floof / controllers / account.py
index 2c94736..2073d44 100644 (file)
@@ -97,6 +97,7 @@ class AccountController(BaseController):
 
         c.identity_url = session['register:identity_url']
         c.nickname = session.get('register:nickname', None)
 
         c.identity_url = session['register:identity_url']
         c.nickname = session.get('register:nickname', None)
+        # XXX hey, uh.  warn if this name is taken already.
 
         return render('/account/register.mako')
 
 
         return render('/account/register.mako')
 
@@ -106,23 +107,27 @@ class AccountController(BaseController):
         identity_url = session['register:identity_url']
         username = request.params.get('username', None)
 
         identity_url = session['register:identity_url']
         username = request.params.get('username', None)
 
-        # XXX how do we return errors in some useful way?
-
         if not username:
         if not username:
-            return 'Please enter a username.'
+            h.flash(u'Please enter a username.')
+            return self.register()
 
         if User.query.filter_by(name=username).count():
 
         if User.query.filter_by(name=username).count():
-            return 'That username is taken.'
+            h.flash(u'This username is already taken.')
+            return self.register()
+
+        if not User.is_valid_name(username):
+            h.flash(u'This username is not valid.')
+            return self.register()
 
         # Create db records
 
         # Create db records
-        user = User(name=username)
+        user = User(name=username, display_name=username)
         user.identity_urls.append(IdentityURL(url=identity_url))
         elixir.session.commit()
 
         # Log in
         session['user_id'] = user.id
         session.save()
         user.identity_urls.append(IdentityURL(url=identity_url))
         elixir.session.commit()
 
         # Log in
         session['user_id'] = user.id
         session.save()
+        h.flash(u'You are now logged in.')
 
 
-        # XXX how do we do success messages in some useful way?
         # XXX send me where I came from
         redirect('/')
         # XXX send me where I came from
         redirect('/')