Restrict usernames to lowercase, digits, and hyphens.
authorEevee <git@veekun.com>
Sun, 6 Dec 2009 03:45:35 +0000 (19:45 -0800)
committerEevee <git@veekun.com>
Sun, 6 Dec 2009 03:45:35 +0000 (19:45 -0800)
floof/controllers/account.py
floof/model/users.py
floof/websetup.py

index 2c94736..2073d44 100644 (file)
@@ -97,6 +97,7 @@ class AccountController(BaseController):
 
         c.identity_url = session['register:identity_url']
         c.nickname = session.get('register:nickname', None)
 
         c.identity_url = session['register:identity_url']
         c.nickname = session.get('register:nickname', None)
+        # XXX hey, uh.  warn if this name is taken already.
 
         return render('/account/register.mako')
 
 
         return render('/account/register.mako')
 
@@ -106,23 +107,27 @@ class AccountController(BaseController):
         identity_url = session['register:identity_url']
         username = request.params.get('username', None)
 
         identity_url = session['register:identity_url']
         username = request.params.get('username', None)
 
-        # XXX how do we return errors in some useful way?
-
         if not username:
         if not username:
-            return 'Please enter a username.'
+            h.flash(u'Please enter a username.')
+            return self.register()
 
         if User.query.filter_by(name=username).count():
 
         if User.query.filter_by(name=username).count():
-            return 'That username is taken.'
+            h.flash(u'This username is already taken.')
+            return self.register()
+
+        if not User.is_valid_name(username):
+            h.flash(u'This username is not valid.')
+            return self.register()
 
         # Create db records
 
         # Create db records
-        user = User(name=username)
+        user = User(name=username, display_name=username)
         user.identity_urls.append(IdentityURL(url=identity_url))
         elixir.session.commit()
 
         # Log in
         session['user_id'] = user.id
         session.save()
         user.identity_urls.append(IdentityURL(url=identity_url))
         elixir.session.commit()
 
         # Log in
         session['user_id'] = user.id
         session.save()
+        h.flash(u'You are now logged in.')
 
 
-        # XXX how do we do success messages in some useful way?
         # XXX send me where I came from
         redirect('/')
         # XXX send me where I came from
         redirect('/')
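Review bot: The `User.query.filter_by(name=username).count()` lookup and the later `elixir.session.commit()` are separate steps, so two simultaneous registrations for the same name can both pass the check and both be inserted. The `name = Field(Unicode(20))` declaration shown for floof/model/users.py carries no uniqueness constraint in this diff. Consider declaring it as `name = Field(Unicode(20), unique=True)` and treating the integrity error raised at commit as the "already taken" case. It would also be cleaner to run `User.is_valid_name(username)` before the lookup, so the database is only queried with names that passed validation. The enclosing action starts outside this hunk, so any handling further up is not visible here.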
index 7601cf5..bacdfe6 100644 (file)
@@ -4,12 +4,15 @@
 #   Copyright (c) 2009 Scribblr
 #
 
 #   Copyright (c) 2009 Scribblr
 #
 
-# from elixir import Entity, Field, Unicode, belongs_to, has_many
+import re
+
 from elixir import *
 from elixir import *
+
 from search import GalleryWidget
 
 class User(Entity):
     name = Field(Unicode(20))
 from search import GalleryWidget
 
 class User(Entity):
     name = Field(Unicode(20))
+    display_name = Field(Unicode(20))
     uploads = OneToMany('Art')
     has_many('identity_urls', of_kind='IdentityURL')
     searches = OneToMany('SavedSearch')
     uploads = OneToMany('Art')
     has_many('identity_urls', of_kind='IdentityURL')
     searches = OneToMany('SavedSearch')
@@ -19,10 +22,22 @@ class User(Entity):
     relationships = OneToMany('UserRelationship', inverse='user')
     target_of_relationships = OneToMany('UserRelationship', inverse='target_user')
 
     relationships = OneToMany('UserRelationship', inverse='user')
     target_of_relationships = OneToMany('UserRelationship', inverse='target_user')
 
+    @classmethod
+    def is_valid_name(cls, name):
+        """Returns True iff the name is a valid username.
+
+        Only lowercase letters, numbers, and hyphens are allowed.
+
+        Names must also be at least one character long, but no more than 20,
+        and cannot start or end with a hyphen.
+        """
+        return re.match('^[-a-z0-9]{1,20}$', name) \
+               and name[0] != '-' and name[-1] != '-'
+
 
     def __unicode__(self):
         return self.name
 
     def __unicode__(self):
         return self.name
-    
+
     def __str__(self):
         return self.name
 
     def __str__(self):
         return self.name
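Review bot: The pattern in `is_valid_name` ends with `$`, which in Python's `re` also matches just before a trailing newline, so a name consisting of valid characters followed by `\n` is accepted; the last-character test does not catch it because that character is the newline, not `-`. Anchor the end with `\Z` instead: `return bool(re.match(r'^[-a-z0-9]{1,20}\Z', name)) \` followed by the existing `and name[0] != '-' and name[-1] != '-'`. Wrapping the match in `bool()` also makes the method return `True`/`False` as the docstring states, where the current expression yields a match object or `None`. Rows created before this commit (such as the `Eevee` seed user changed in floof/websetup.py) are not re-validated by this change, so an existing database may still hold names that the new rule rejects.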
 
index 815832d..a4e935f 100644 (file)
@@ -23,7 +23,7 @@ def setup_app(command, conf, vars):
     # Users
     from floof.model.users import IdentityURL, User
     identity_url = IdentityURL(url=u'http://eevee.livejournal.com/')
     # Users
     from floof.model.users import IdentityURL, User
     identity_url = IdentityURL(url=u'http://eevee.livejournal.com/')
-    user = User(name=u'Eevee')
+    user = User(name=u'eevee')
     user.identity_urls.append(identity_url)
 
     model.Session.commit()
     user.identity_urls.append(identity_url)
 
     model.Session.commit()