From: Eevee Date: Sun, 6 Dec 2009 03:45:35 +0000 (-0800) Subject: Restrict usernames to lowercase, digits, and hyphens. X-Git-Url: http://git.veekun.com/zzz-floof.git/commitdiff_plain/7a76bb2835ed39ac91b74edfb7932349a079ea68 Restrict usernames to lowercase, digits, and hyphens. --- diff --git a/floof/controllers/account.py b/floof/controllers/account.py index 2c94736..2073d44 100644 --- a/floof/controllers/account.py +++ b/floof/controllers/account.py @@ -97,6 +97,7 @@ class AccountController(BaseController): c.identity_url = session['register:identity_url'] c.nickname = session.get('register:nickname', None) + # XXX hey, uh. warn if this name is taken already. return render('/account/register.mako') @@ -106,23 +107,27 @@ class AccountController(BaseController): identity_url = session['register:identity_url'] username = request.params.get('username', None) - # XXX how do we return errors in some useful way? - if not username: - return 'Please enter a username.' + h.flash(u'Please enter a username.') + return self.register() if User.query.filter_by(name=username).count(): - return 'That username is taken.' + h.flash(u'This username is already taken.') + return self.register() + + if not User.is_valid_name(username): + h.flash(u'This username is not valid.') + return self.register() # Create db records - user = User(name=username) + user = User(name=username, display_name=username) user.identity_urls.append(IdentityURL(url=identity_url)) elixir.session.commit() # Log in session['user_id'] = user.id session.save() + h.flash(u'You are now logged in.') - # XXX how do we do success messages in some useful way? # XXX send me where I came from redirect('/') diff --git a/floof/model/users.py b/floof/model/users.py index 7601cf5..bacdfe6 100644 --- a/floof/model/users.py +++ b/floof/model/users.py @@ -4,12 +4,15 @@ # Copyright (c) 2009 Scribblr # -# from elixir import Entity, Field, Unicode, belongs_to, has_many +import re + from elixir import * + from search import GalleryWidget class User(Entity): name = Field(Unicode(20)) + display_name = Field(Unicode(20)) uploads = OneToMany('Art') has_many('identity_urls', of_kind='IdentityURL') searches = OneToMany('SavedSearch') @@ -19,10 +22,22 @@ class User(Entity): relationships = OneToMany('UserRelationship', inverse='user') target_of_relationships = OneToMany('UserRelationship', inverse='target_user') + @classmethod + def is_valid_name(cls, name): + """Returns True iff the name is a valid username. + + Only lowercase letters, numbers, and hyphens are allowed. + + Names must also be at least one character long, but no more than 20, + and cannot start or end with a hyphen. + """ + return re.match('^[-a-z0-9]{1,20}$', name) \ + and name[0] != '-' and name[-1] != '-' + def __unicode__(self): return self.name - + def __str__(self): return self.name diff --git a/floof/websetup.py b/floof/websetup.py index 815832d..a4e935f 100644 --- a/floof/websetup.py +++ b/floof/websetup.py @@ -23,7 +23,7 @@ def setup_app(command, conf, vars): # Users from floof.model.users import IdentityURL, User identity_url = IdentityURL(url=u'http://eevee.livejournal.com/') - user = User(name=u'Eevee') + user = User(name=u'eevee') user.identity_urls.append(identity_url) model.Session.commit()