Changes: Fix username filtering

Use correct field when parsing the payload, not only when rendering the
form. Also make the form non validating database wise as this is already
handled in the view.

Fixes #4559

weblate/accounts/forms.py

@@ -48,16 +48,12 @@
 from weblate.auth.models import User
 from weblate.lang.models import Language
 from weblate.logger import LOGGER
-from weblate.trans.defines import EMAIL_LENGTH, FULLNAME_LENGTH, USERNAME_LENGTH
+from weblate.trans.defines import EMAIL_LENGTH, FULLNAME_LENGTH
 from weblate.trans.models import Component, Project
 from weblate.utils import messages
-from weblate.utils.forms import SortedSelect, SortedSelectMultiple
+from weblate.utils.forms import SortedSelect, SortedSelectMultiple, UsernameField
 from weblate.utils.ratelimit import check_rate_limit, reset_rate_limit
-from weblate.utils.validators import (
-    validate_email,
-    validate_fullname,
-    validate_username,
-)
+from weblate.utils.validators import validate_email, validate_fullname
 
 
 class UniqueEmailMixin:
@@ -107,24 +103,7 @@ def __init__(self, *args, **kwargs):
         super().__init__(*args, **kwargs)
 
 
-class UsernameField(forms.CharField):
-    default_validators = [validate_username]
-
-    def __init__(self, *args, **kwargs):
-        params = {
-            "max_length": USERNAME_LENGTH,
-            "help_text": _(
-                "Username may only contain letters, "
-                "numbers or the following characters: @ . + - _"
-            ),
-            "label": _("Username"),
-            "required": True,
-        }
-        params.update(kwargs)
-        self.valid = None
-
-        super().__init__(*args, **params)
-
+class UniqueUsernameField(UsernameField):
     def clean(self, value):
         """Username validation, requires a unique name."""
         if value is None:
@@ -273,7 +252,7 @@ def __init__(self, *args, **kwargs):
 class UserForm(forms.ModelForm):
     """User information form."""
 
-    username = UsernameField()
+    username = UniqueUsernameField()
     email = forms.ChoiceField(
         label=_("E-mail"),
         help_text=_("You can add another e-mail address below."),
@@ -368,7 +347,7 @@ class RegistrationForm(EmailForm):
     required_css_class = "required"
     error_css_class = "error"
 
-    username = UsernameField()
+    username = UniqueUsernameField()
     # This has to be without underscore for social-auth
     fullname = FullNameField()
     content = forms.CharField(required=False)

weblate/auth/admin.py

@@ -23,7 +23,7 @@
 from django.utils.safestring import mark_safe
 from django.utils.translation import gettext_lazy as _
 
-from weblate.accounts.forms import FullNameField, UniqueEmailMixin, UsernameField
+from weblate.accounts.forms import FullNameField, UniqueEmailMixin, UniqueUsernameField
 from weblate.accounts.utils import remove_user
 from weblate.auth.models import AutoGroup, Group, User
 from weblate.wladmin.models import WeblateModelAdmin
@@ -63,7 +63,7 @@ class WeblateUserChangeForm(UserChangeForm):
     class Meta:
         model = User
         fields = "__all__"
-        field_classes = {"username": UsernameField, "full_name": FullNameField}
+        field_classes = {"username": UniqueUsernameField, "full_name": FullNameField}
 
     def __init__(self, *args, **kwargs):
         super().__init__(*args, **kwargs)
@@ -77,7 +77,7 @@ class WeblateUserCreationForm(UserCreationForm, UniqueEmailMixin):
     class Meta:
         model = User
         fields = ("username", "email", "full_name")
-        field_classes = {"username": UsernameField, "full_name": FullNameField}
+        field_classes = {"username": UniqueUsernameField, "full_name": FullNameField}
 
     def __init__(self, *args, **kwargs):
         super().__init__(*args, **kwargs)

weblate/trans/forms.py

@@ -43,7 +43,6 @@
 from django.utils.translation import gettext_lazy as _
 from translation_finder import DiscoveryResult, discover
 
-from weblate.accounts.forms import UsernameField
 from weblate.auth.models import User
 from weblate.checks.models import CHECKS
 from weblate.formats.models import EXPORTERS, FILE_FORMATS
@@ -62,6 +61,7 @@
     SearchField,
     SortedSelect,
     SortedSelectMultiple,
+    UsernameField,
 )
 from weblate.utils.hash import checksum_to_hash, hash_to_checksum
 from weblate.utils.search import parse_query

weblate/utils/forms.py

@@ -17,15 +17,36 @@
 # along with this program.  If not, see <https://www.gnu.org/licenses/>.
 #
 
-
 from crispy_forms.layout import Div, Field
 from crispy_forms.utils import TEMPLATE_PACK
 from django import forms
 from django.template.loader import render_to_string
 from django.utils.encoding import force_str
+from django.utils.translation import gettext_lazy as _
 
+from weblate.trans.defines import USERNAME_LENGTH
 from weblate.trans.filter import FILTERS
 from weblate.trans.util import sort_unicode
+from weblate.utils.validators import validate_username
+
+
+class UsernameField(forms.CharField):
+    default_validators = [validate_username]
+
+    def __init__(self, *args, **kwargs):
+        params = {
+            "max_length": USERNAME_LENGTH,
+            "help_text": _(
+                "Username may only contain letters, "
+                "numbers or the following characters: @ . + - _"
+            ),
+            "label": _("Username"),
+            "required": True,
+        }
+        params.update(kwargs)
+        self.valid = None
+
+        super().__init__(*args, **params)
 
 
 class SortedSelectMixin:
@@ -99,4 +120,4 @@ class FilterForm(forms.Form):
     project = forms.SlugField(required=False)
     component = forms.SlugField(required=False)
     lang = forms.SlugField(required=False)
-    user = forms.SlugField(required=False)
+    user = UsernameField(required=False)