Merge pull request #590 from CTPUG/problematic-usernames
Disallow problematic usernames
stefanor committed Jun 2, 2021
2 parents 2114d7b + 2fc7916 commit ae17f6a
Showing 6 changed files with 34 additions and 10 deletions.
20 changes: 14 additions & 6 deletions wafer/registration/forms.py
Expand Up @@ -4,15 +4,23 @@

from crispy_forms.helper import FormHelper
from crispy_forms.layout import Hidden, Submit
from registration.forms import RegistrationForm

from wafer.registration.validators import validate_username

class RegistrationFormHelper(FormHelper):
form_action = reverse('registration_register')
include_media = False

def __init__(self, request, *args, **kwargs):
super(RegistrationFormHelper, self).__init__(*args, **kwargs)
self.add_input(Submit('submit', _('Sign up')))
class WaferRegistrationForm(RegistrationForm):
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
self.helper = FormHelper()
self.helper.include_media = False
self.helper.form_action = reverse('registration_register')
self.helper.add_input(Submit('submit', _('Sign up')))

def clean_username(self):
username = self.cleaned_data['username']
validate_username(username)
return username


class LoginFormHelper(FormHelper):
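Review bot: The username rule is enforced only inside `clean_username` of WaferRegistrationForm, and the identical method is added again in wafer/users/forms.py, so any other path that creates or renames an account has to remember to call it. Whether such paths exist (admin, management commands, external sign-on) is not visible on this page, but the skip added in wafer/users/views.py suggests that bad names can already be present. A docstring on the method, for example `"""Reject usernames that would break profile URLs or the static build."""`, and a comment in validators.py naming the forms that call it would make that contract explicit. The hunk ends at the first line of LoginFormHelper, whose body is outside it.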
@@ -1,9 +1,7 @@
{% extends 'wafer/base_form.html' %}
{% load i18n %}
{% load crispy_forms_tags %}
{% load wafer_crispy %}
{% block content %}
<h1>{% trans 'Sign up' %}</h1>
{% wafer_form_helper 'wafer.registration.forms.RegistrationFormHelper' as form_helper %}
{% crispy form form_helper %}
{% crispy form %}
{% endblock %}
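--- a/wafer/registration/validators.py
+++ b/wafer/registration/validators.py
@@ -0,0 +1,9 @@
+from django.core.exceptions import ValidationError
+
+
+def validate_username(username):
+"""Some usernames lead to problematic URLs and static file names"""
+if username.startswith('.'):
+raise ValidationError('usernames cannot start with a "."')
+if username in ('index.html', 'page'):
+raise ValidationError('This username is not available')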
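Review bot: The reserved-name test `if username in ('index.html', 'page'):` is an exact, case-sensitive match, so `Index.html` or `PAGE` pass it. If the static build is ever written to or served from a case-insensitive filesystem, or the URL layer folds case, those names collide with the paths the check is meant to protect; that depends on deployment details not shown here. Comparing a folded value, `if username.lower() in ('index.html', 'page'):`, closes the gap at no cost. The docstring could also state that the function raises ValidationError and returns nothing on success.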
2 changes: 1 addition & 1 deletion wafer/settings.py
Expand Up @@ -199,8 +199,8 @@

# Django registration:
ACCOUNT_ACTIVATION_DAYS = 7

AUTH_USER_MODEL = 'auth.User'
REGISTRATION_FORM = 'wafer.registration.forms.WaferRegistrationForm'

# Forms:
CRISPY_TEMPLATE_PACK = 'bootstrap4'
6 changes: 6 additions & 0 deletions wafer/users/forms.py
Expand Up @@ -7,6 +7,7 @@
from crispy_forms.helper import FormHelper
from crispy_forms.layout import Submit

from wafer.registration.validators import validate_username
from wafer.users.models import UserProfile


Expand All @@ -22,6 +23,11 @@ def __init__(self, *args, **kwargs):
self.fields['first_name'].required = True
self.fields['email'].required = True

def clean_username(self):
username = self.cleaned_data['username']
validate_username(username)
return username

class Meta:
# TODO: Password reset
model = get_user_model()
3 changes: 3 additions & 0 deletions wafer/users/views.py
Expand Up @@ -67,6 +67,9 @@ def get_url(self, obj):

def build_object(self, obj):
"""Override django-bakery to skip profiles that raise 403"""
if obj.username in ('.', '..'):
log.warning('Skipping build of user %s, bad username', obj.username)
return
try:
build_path = self.get_build_path(obj)
self.request = self.create_request(build_path)
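Review bot: The guard at the top of build_object skips only `'.'` and `'..'`, while validate_username in this same commit also rejects any name starting with a dot and the reserved names `index.html` and `page`. Accounts created before the validator existed are not re-checked, so one carrying a reserved name would presumably still be built over the shared path. Reusing the validator here keeps the two lists from drifting: call `validate_username(obj.username)` and treat `ValidationError` as the skip condition, keeping the existing `log.warning(...)` and `return`. build_object's body continues past the end of the hunk.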