From 7a76bb2835ed39ac91b74edfb7932349a079ea68 Mon Sep 17 00:00:00 2001 From: Eevee Date: Sat, 5 Dec 2009 19:45:35 -0800 Subject: [PATCH] Restrict usernames to lowercase, digits, and hyphens. --- floof/controllers/account.py | 17 +++++++++++------ floof/model/users.py | 19 +++++++++++++++++-- floof/websetup.py | 2 +- 3 files changed, 29 insertions(+), 9 deletions(-) diff --git a/floof/controllers/account.py b/floof/controllers/account.py index 2c94736..2073d44 100644 --- a/floof/controllers/account.py +++ b/floof/controllers/account.py @@ -97,6 +97,7 @@ class AccountController(BaseController): c.identity_url = session['register:identity_url'] c.nickname = session.get('register:nickname', None) + # XXX hey, uh. warn if this name is taken already. return render('/account/register.mako') @@ -106,23 +107,27 @@ class AccountController(BaseController): identity_url = session['register:identity_url'] username = request.params.get('username', None) - # XXX how do we return errors in some useful way? - if not username: - return 'Please enter a username.' + h.flash(u'Please enter a username.') + return self.register() if User.query.filter_by(name=username).count(): - return 'That username is taken.' + h.flash(u'This username is already taken.') + return self.register() + + if not User.is_valid_name(username): + h.flash(u'This username is not valid.') + return self.register() # Create db records - user = User(name=username) + user = User(name=username, display_name=username) user.identity_urls.append(IdentityURL(url=identity_url)) elixir.session.commit() # Log in session['user_id'] = user.id session.save() + h.flash(u'You are now logged in.') - # XXX how do we do success messages in some useful way? # XXX send me where I came from redirect('/') diff --git a/floof/model/users.py b/floof/model/users.py index 7601cf5..bacdfe6 100644 --- a/floof/model/users.py +++ b/floof/model/users.py 
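Review bot: The uniqueness test in the registration action (second account.py hunk) is a check-then-insert: `User.query.filter_by(name=username).count()` and the later `elixir.session.commit()` are separate steps, so two concurrent requests for the same name can both pass, and the `name = Field(Unicode(20))` declaration visible in floof/model/users.py carries no unique constraint to stop the second insert. Declaring the column as `name = Field(Unicode(20), unique=True)` and treating an integrity failure on commit as "already taken" would make the check authoritative. It would also be cleaner to call `User.is_valid_name(username)` before the query, so malformed input is rejected without reaching the database. Accounts created before this change may still hold mixed-case names (the seed user was `Eevee`), and nothing visible here migrates them, so a lowercase look-alike of an existing name could presumably still be registered. The action's body starts above the hunk.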
@@ -4,12 +4,15 @@ # Copyright (c) 2009 Scribblr # -# from elixir import Entity, Field, Unicode, belongs_to, has_many +import re + from elixir import * + from search import GalleryWidget class User(Entity): name = Field(Unicode(20)) + display_name = Field(Unicode(20)) uploads = OneToMany('Art') has_many('identity_urls', of_kind='IdentityURL') searches = OneToMany('SavedSearch') @@ -19,10 +22,22 @@ class User(Entity): relationships = OneToMany('UserRelationship', inverse='user') target_of_relationships = OneToMany('UserRelationship', inverse='target_user') + @classmethod + def is_valid_name(cls, name): + """Returns True iff the name is a valid username. + + Only lowercase letters, numbers, and hyphens are allowed. + + Names must also be at least one character long, but no more than 20, + and cannot start or end with a hyphen. + """ + return re.match('^[-a-z0-9]{1,20}$', name) \ + and name[0] != '-' and name[-1] != '-' + def __unicode__(self): return self.name - + def __str__(self): return self.name diff --git a/floof/websetup.py b/floof/websetup.py index 815832d..a4e935f 100644 --- a/floof/websetup.py +++ b/floof/websetup.py @@ -23,7 +23,7 @@ def setup_app(command, conf, vars): # Users from floof.model.users import IdentityURL, User identity_url = IdentityURL(url=u'http://eevee.livejournal.com/') - user = User(name=u'Eevee') + user = User(name=u'eevee') user.identity_urls.append(identity_url) model.Session.commit() -- 2.7.4
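Review bot: In `is_valid_name` (second users.py hunk), the pattern's `$` also matches just before a trailing newline, so a submitted name such as `eevee\n` passes both the regex and the `name[-1] != '-'` test and can be stored with the newline, at up to 21 characters. Anchor with `\Z` instead and fold the hyphen rules into the pattern: `return bool(re.match(r'^[a-z0-9](?:[-a-z0-9]{0,18}[a-z0-9])?\Z', name))`. The `bool()` also makes the return value match the docstring, which promises True or False while the current expression yields a match object, `None` or `False`.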