Restrict usernames to lowercase, digits, and hyphens.

diff --git a/floof/controllers/account.py b/floof/controllers/account.py
index 2c94736..2073d44 100644 (file)
--- a/floof/controllers/account.py
+++ b/floof/controllers/account.py
@@ -97,6 +97,7 @@ class AccountController(BaseController):
 
         c.identity_url = session['register:identity_url']
         c.nickname = session.get('register:nickname', None)
 
         c.identity_url = session['register:identity_url']
         c.nickname = session.get('register:nickname', None)

+        # XXX hey, uh.  warn if this name is taken already.

 
         return render('/account/register.mako')
 
 
         return render('/account/register.mako')
 


@@ -106,23 +107,27 @@ class AccountController(BaseController):
         identity_url = session['register:identity_url']
         username = request.params.get('username', None)
 
         identity_url = session['register:identity_url']
         username = request.params.get('username', None)
 

-        # XXX how do we return errors in some useful way?
-

         if not username:
         if not username:

-            return 'Please enter a username.'
+            h.flash(u'Please enter a username.')
+            return self.register()

 
         if User.query.filter_by(name=username).count():
 
         if User.query.filter_by(name=username).count():

-            return 'That username is taken.'
+            h.flash(u'This username is already taken.')
+            return self.register()
+
+        if not User.is_valid_name(username):
+            h.flash(u'This username is not valid.')
+            return self.register()

 
         # Create db records
 
         # Create db records

-        user = User(name=username)
+        user = User(name=username, display_name=username)

         user.identity_urls.append(IdentityURL(url=identity_url))
         elixir.session.commit()
 
         # Log in
         session['user_id'] = user.id
         session.save()
         user.identity_urls.append(IdentityURL(url=identity_url))
         elixir.session.commit()
 
         # Log in
         session['user_id'] = user.id
         session.save()

+        h.flash(u'You are now logged in.')

 
 

-        # XXX how do we do success messages in some useful way?

         # XXX send me where I came from
         redirect('/')
         # XXX send me where I came from
         redirect('/')

diff --git a/floof/model/users.py b/floof/model/users.py
index 7601cf5..bacdfe6 100644 (file)
--- a/floof/model/users.py
+++ b/floof/model/users.py
@@ -4,12 +4,15 @@
 #   Copyright (c) 2009 Scribblr
 #
 
 #   Copyright (c) 2009 Scribblr
 #
 

-# from elixir import Entity, Field, Unicode, belongs_to, has_many
+import re
+

 from elixir import *
 from elixir import *

+

 from search import GalleryWidget
 
 class User(Entity):
     name = Field(Unicode(20))
 from search import GalleryWidget
 
 class User(Entity):
     name = Field(Unicode(20))

+    display_name = Field(Unicode(20))

     uploads = OneToMany('Art')
     has_many('identity_urls', of_kind='IdentityURL')
     searches = OneToMany('SavedSearch')
     uploads = OneToMany('Art')
     has_many('identity_urls', of_kind='IdentityURL')
     searches = OneToMany('SavedSearch')


@@ -19,10 +22,22 @@ class User(Entity):
     relationships = OneToMany('UserRelationship', inverse='user')
     target_of_relationships = OneToMany('UserRelationship', inverse='target_user')
 
     relationships = OneToMany('UserRelationship', inverse='user')
     target_of_relationships = OneToMany('UserRelationship', inverse='target_user')
 

+    @classmethod
+    def is_valid_name(cls, name):
+        """Returns True iff the name is a valid username.
+
+        Only lowercase letters, numbers, and hyphens are allowed.
+
+        Names must also be at least one character long, but no more than 20,
+        and cannot start or end with a hyphen.
+        """
+        return re.match('^[-a-z0-9]{1,20}$', name) \
+               and name[0] != '-' and name[-1] != '-'
+

 
     def __unicode__(self):
         return self.name
 
     def __unicode__(self):
         return self.name

-    
+

     def __str__(self):
         return self.name
 
     def __str__(self):
         return self.name
 

diff --git a/floof/websetup.py b/floof/websetup.py
index 815832d..a4e935f 100644 (file)
--- a/floof/websetup.py
+++ b/floof/websetup.py
@@ -23,7 +23,7 @@ def setup_app(command, conf, vars):
     # Users
     from floof.model.users import IdentityURL, User
     identity_url = IdentityURL(url=u'http://eevee.livejournal.com/')
     # Users
     from floof.model.users import IdentityURL, User
     identity_url = IdentityURL(url=u'http://eevee.livejournal.com/')

-    user = User(name=u'Eevee')
+    user = User(name=u'eevee')

     user.identity_urls.append(identity_url)
 
     model.Session.commit()
     user.identity_urls.append(identity_url)
 
     model.Session.commit()