Set reasonable defaults for username lengths

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
fedora-infra · Dec 10, 2021 · f53e7a9 · f53e7a9
1 parent 5d72ba6
commit f53e7a9
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 3 deletions.
diff --git a/noggin/form/register_user.py b/noggin/form/register_user.py
@@ -1,9 +1,9 @@
 from flask_babel import lazy_gettext as _
 from wtforms import BooleanField, HiddenField, PasswordField, StringField
 from wtforms.fields.html5 import EmailField
-from wtforms.validators import DataRequired, EqualTo
+from wtforms.validators import DataRequired, EqualTo, Length
 
-from noggin.form.validators import Email, PasswordLength, username_format
+from noggin.form.validators import Email, PasswordLength, StopOnError, username_format
 
 from .base import BaseForm, ModestForm, strip, SubmitButtonField
 
@@ -25,6 +25,7 @@ class RegisterUserForm(ModestForm):
         _('Username'),
         validators=[
             DataRequired(message=_('User name must not be empty')),
+            StopOnError(Length(min=3, max=32)),
             username_format,
         ],
         filters=[strip],

diff --git a/noggin/form/validators.py b/noggin/form/validators.py
@@ -1,7 +1,7 @@
 from flask import current_app
 from flask_babel import lazy_gettext as _
 from wtforms.validators import Email as WTFormsEmailValidator
-from wtforms.validators import Length, Regexp, ValidationError
+from wtforms.validators import Length, Regexp, StopValidation, ValidationError
 
 
 class Email(WTFormsEmailValidator):
@@ -41,3 +41,14 @@ def username_format(form, field):
             chars="\", \"".join(current_app.config["ALLOWED_USERNAME_HUMAN"]),
         ),
     )(form, field)
+
+
+class StopOnError:
+    def __init__(self, validator):
+        self.validator = validator
+
+    def __call__(self, form, field):
+        try:
+            self.validator(form, field)
+        except ValidationError as e:
+            raise StopValidation(str(e))
diff --git a/noggin/tests/unit/controller/test_registration.py b/noggin/tests/unit/controller/test_registration.py
@@ -149,6 +149,27 @@ def test_step_1_registration_closed(
     assert len(outbox) == 0
 
 
+@pytest.mark.parametrize(
+    "username", ["a", "ab", "a" * 33]
+)
+@pytest.mark.vcr()
+def test_step_1_bad_length(client, post_data_step_1, mocker, username):
+    """Try to register a user with a username that has a bad length"""
+    post_data_step_1["register-username"] = username
+    record_signal = mocker.Mock()
+    with mailer.record_messages() as outbox, stageuser_created.connected_to(
+        record_signal
+    ):
+        result = client.post('/', data=post_data_step_1)
+    assert_form_field_error(
+        result,
+        "register-username",
+        "Field must be between 3 and 32 characters long.",
+    )
+    record_signal.assert_not_called()
+    assert len(outbox) == 0
+
+
 @pytest.mark.parametrize(
     "username", ["dummy_user", "dummy.user", "dummy user", "_dummy", ".dummy", "dummy-"]
 )