

chg: [website] A blocklist of usernames is now used to block words we…
… might not like to see used as usernames.
cedricbonhomme committed Jul 10, 2024
1 parent 5885a3a commit 4aae795
Showing 6 changed files with 37 additions and 15 deletions.
12 changes: 11 additions & 1 deletion poetry.lock


1 change: 1 addition & 0 deletions pyproject.toml
Expand Up @@ -58,6 +58,7 @@ pyotp = "^2.9.0"
qrcode = "^7.4.2"
pyvariot = "^0.2.0"
markdown = "^3.6"
the-big-username-blacklist = "^1.5.4"

[tool.poetry.group.dev.dependencies]
ipython = "^8.25.0"
10 changes: 6 additions & 4 deletions website/models/user.py
Expand Up @@ -10,6 +10,7 @@
from flask import url_for
from flask_login import UserMixin # type: ignore[import-untyped]
from sqlalchemy.orm import validates
from the_big_username_blacklist import validate
from validate_email import validate_email # type: ignore[import-untyped]
from werkzeug.security import check_password_hash

Expand Down Expand Up @@ -80,18 +81,19 @@ def __str__(self) -> str:

@validates("login")
def validates_login(self, key: str, value: str) -> str:
assert 3 <= len(value) <= 30, AssertionError("maximum length for login: 30")
assert 3 <= len(value) <= 30, AssertionError("Maximum length for login: 30")
assert validate(value), AssertionError("Username not allowed.")
return re.sub("[^a-zA-Z0-9_-]", "", value.strip())

@validates("email")
def validates_email(self, key: str, value: str) -> str:
assert 3 <= len(value) <= 256, AssertionError("maximum length for email: 256")
assert validate_email(value), AssertionError("email address not valid")
assert 3 <= len(value) <= 256, AssertionError("Maximum length for email: 256")
assert validate_email(value), AssertionError("Email address not valid")
return value

@validates("apikey")
def validates_apikey(self, key: str, value: str) -> str:
assert 30 <= len(value) <= 100, AssertionError("minimum length for apikey: 30")
assert 30 <= len(value) <= 100, AssertionError("Minimum length for apikey: 30")
return value

@staticmethod
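Review bot: The new `validate(value)` check in validates_login runs on the raw input, but the value that is actually stored is `re.sub("[^a-zA-Z0-9_-]", "", value.strip())` computed afterwards, so a login that differs from a blocked word only by characters the regex strips passes the blocklist and is persisted as the blocked word; the length check has the same ordering problem. Independently, all three validators use `assert` for input validation, which is compiled out under `python -O`, so the blocklist, the length limits and the new `except AssertionError` handlers in website/web/api/v1/user.py, website/web/views/admin.py and website/web/views/session_mgmt.py silently become no-ops in an optimised deployment, and catching AssertionError also conflates genuine invariant failures with user input errors. Normalise first, validate the normalised value, and raise ValueError instead of asserting, changing the three callers to `except ValueError as e:`; validates_email and validates_apikey should drop `assert` the same way.
```python
    @validates("login")
    def validates_login(self, key: str, value: str) -> str:
        # Normalise first so the checks apply to the value that is stored.
        cleaned = re.sub("[^a-zA-Z0-9_-]", "", value.strip())
        if not 3 <= len(cleaned) <= 30:
            raise ValueError("Maximum length for login: 30")
        if not validate(cleaned):
            raise ValueError("Username not allowed.")
        return cleaned
```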
2 changes: 2 additions & 0 deletions website/web/api/v1/user.py
Expand Up @@ -126,6 +126,8 @@ def post(self) -> Tuple[Dict[Any, Any], int]:
)
db.session.add(new_user)
db.session.commit()
except AssertionError as e:
return abort(400, f"{e}")
except exc.IntegrityError:
db.session.rollback()
return abort(400, f"Impossible to create the user.")
24 changes: 14 additions & 10 deletions website/web/views/admin.py
Expand Up @@ -98,16 +98,20 @@ def process_user_form(user_id: int = 0) -> str | WerkzeugResponse:
return redirect(url_for("admin_bp.form_user", user_id=user.id))

# Create a new user
new_user = User(
login=form.login.data,
email=form.email.data,
name=form.name.data,
organisation=form.organisation.data,
is_active=form.is_active.data,
is_confirmed=form.is_confirmed.data,
is_admin=form.is_admin.data,
pwdhash=generate_password_hash(form.password.data),
)
try:
new_user = User(
login=form.login.data,
email=form.email.data,
name=form.name.data,
organisation=form.organisation.data,
is_active=form.is_active.data,
is_confirmed=form.is_confirmed.data,
is_admin=form.is_admin.data,
pwdhash=generate_password_hash(form.password.data),
)
except AssertionError as e:
flash(f"{e}", "danger")
return render_template("admin/edit_user.html", form=form)
db.session.add(new_user)
db.session.commit()
flash(
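Review bot: Only the "Create a new user" branch is wrapped in the new try/except; the update branch that ends with `return redirect(url_for("admin_bp.form_user", user_id=user.id))` on the first line of the hunk presumably assigns the same validated attributes on an existing user, and a rejected login or email there would still propagate out of the view instead of being flashed. Confirm that branch against the validators and wrap it the same way, or move the handling to a single place in process_user_form. process_user_form starts outside the hunk, so the update branch is not visible here.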
3 changes: 3 additions & 0 deletions website/web/views/session_mgmt.py
Expand Up @@ -162,6 +162,9 @@ def signup() -> str | WerkzeugResponse:
)
db.session.add(new_user)
db.session.commit()
except AssertionError as e:
flash(f"{e}", "danger")
return render_template("user/signup.html", form=form)
except sqlalchemy.exc.IntegrityError:
db.session.rollback()
flash("Problem while creating the account.", "danger")
