Disallow all-digit usernames (bug 862121)

Allen Short · Allen Short · commit 8f92f09f9d8b · 2014-03-17T12:58:11.000-05:00
diff --git a/apps/users/forms.py b/apps/users/forms.py
@@ -158,6 +158,10 @@ class UsernameMixin:
 
     def clean_username(self):
         name = self.cleaned_data['username']
+        # All-digits usernames are disallowed since they can be
+        # confused for user IDs in URLs. (See bug 862121.)
+        if name.isdigit():
+            raise forms.ValidationError(_('Usernames cannot contain only digits.'))
         slug_validator(name, lower=False,
             message=_('Enter a valid username consisting of letters, numbers, '
                       'underscores or hyphens.'))
diff --git a/apps/users/tests/test_forms.py b/apps/users/tests/test_forms.py
@@ -437,6 +437,15 @@ def test_blacklisted_username(self):
         self.assertFormError(r, 'form', 'username',
                              'This username cannot be used.')
 
+    def test_alldigit_username(self):
+        data = {'email': 'testo@example.com',
+                'password': 'xxxlonger',
+                'password2': 'xxxlonger',
+                'username': '8675309', }
+        r = self.client.post('/en-US/firefox/users/register', data)
+        self.assertFormError(r, 'form', 'username',
+                             'Usernames cannot contain only digits.')
+
     def test_blacklisted_password(self):
         BlacklistedPassword.objects.create(password='password')
         data = {'email': 'testo@example.com',
