Fix #1096 - allow - in usernames

Signed-off-by: Loic Dachary <loic@dachary.org>
2016-01-12 18:39:28 +01:00 · 2016-01-12 18:39:28 +01:00 · bbe0855651
commit bbe0855651
parent 2fdc14a242
2 changed files with 25 additions and 3 deletions
--- a/mediagoblin/auth/tools.py
+++ b/mediagoblin/auth/tools.py
@ -57,7 +57,7 @@ def normalize_user_or_email_field(allow_email=True, allow_user=True):
            if not allow_user:
                raise wtforms.ValidationError(nouser_msg)
            wtforms.validators.Length(min=3, max=30)(form, field)
-            wtforms.validators.Regexp(r'^\w+$')(form, field)
+            wtforms.validators.Regexp(r'^[-_\w]+$')(form, field)
            field.data = field.data.lower()
        if field.data is None:  # should not happen, but be cautious anyway
            raise wtforms.ValidationError(message)
--- a/mediagoblin/tests/test_auth.py
+++ b/mediagoblin/tests/test_auth.py
@ -80,9 +80,31 @@ def test_register_views(test_app):
    assert form.username.errors == [u'This field does not take email addresses.']
    assert form.email.errors == [u'This field requires an email address.']

+    ## invalid characters
+    template.clear_test_template_context()
+    test_app.post(
+        '/auth/register/', {
+            'username': 'ampersand&invalid',
+            'email': 'easter@egg.com'})
+    context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/register.html']
+    form = context['register_form']
+
+    assert form.username.errors == [u'Invalid input.']
+
    ## At this point there should be no users in the database ;)
    assert User.query.count() == 0

+    ## mixture of characters from all valid ranges
+    template.clear_test_template_context()
+    test_app.post(
+        '/auth/register/', {
+            'username': 'Jean-Louis1_Le-Chat',
+            'password': 'iamsohappy',
+            'email': 'easter@egg.com'})
+
+    ## At this point there should on user in the database
+    assert User.query.count() == 1
+
    # Successful register
    # -------------------
    template.clear_test_template_context()
@ -115,7 +137,7 @@ def test_register_views(test_app):
    assert request.session['user_id'] == six.text_type(new_user.id)

    ## Make sure we get email confirmation, and try verifying
-    assert len(mail.EMAIL_TEST_INBOX) == 1
+    assert len(mail.EMAIL_TEST_INBOX) == 2
    message = mail.EMAIL_TEST_INBOX.pop()
    assert message['To'] == 'angrygrrl@example.org'
    email_context = template.TEMPLATE_TEST_CONTEXT[
@ -187,7 +209,7 @@ def test_register_views(test_app):
    assert 'mediagoblin/auth/login.html' in template.TEMPLATE_TEST_CONTEXT

    ## Make sure link to change password is sent by email
-    assert len(mail.EMAIL_TEST_INBOX) == 1
+    assert len(mail.EMAIL_TEST_INBOX) == 2
    message = mail.EMAIL_TEST_INBOX.pop()
    assert message['To'] == 'angrygrrl@example.org'
    email_context = template.TEMPLATE_TEST_CONTEXT[