heckyel/mediagoblin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix #1096 - allow - in usernames

Browse Source 
Signed-off-by: Loic Dachary <loic@dachary.org>
This commit is contained in:
Loic Dachary 2016-01-12 18:39:28 +01:00 committed by Christopher Allan Webber
parent 2fdc14a242
commit bbe0855651
2 changed files with 25 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
mediagoblin/auth/tools.py
View File

@ -57,7 +57,7 @@ def normalize_user_or_email_field(allow_email=True, allow_user=True):
if not allow_user: if not allow_user:
raise wtforms.ValidationError(nouser_msg) raise wtforms.ValidationError(nouser_msg)
wtforms.validators.Length(min=3, max=30)(form, field) wtforms.validators.Length(min=3, max=30)(form, field)
wtforms.validators.Regexp(r'^\w+$')(form, field) wtforms.validators.Regexp(r'^[-_\w]+$')(form, field)
field.data = field.data.lower() field.data = field.data.lower()
if field.data is None: # should not happen, but be cautious anyway if field.data is None: # should not happen, but be cautious anyway
raise wtforms.ValidationError(message) raise wtforms.ValidationError(message)

26
mediagoblin/tests/test_auth.py
View File

@ -80,9 +80,31 @@ def test_register_views(test_app):
assert form.username.errors == [u'This field does not take email addresses.'] assert form.username.errors == [u'This field does not take email addresses.']
assert form.email.errors == [u'This field requires an email address.'] assert form.email.errors == [u'This field requires an email address.']
## invalid characters
template.clear_test_template_context()
test_app.post(
'/auth/register/', {
'username': 'ampersand&invalid',
'email': 'easter@egg.com'})
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/register.html']
form = context['register_form']
assert form.username.errors == [u'Invalid input.']
## At this point there should be no users in the database ;) ## At this point there should be no users in the database ;)
assert User.query.count() == 0 assert User.query.count() == 0
## mixture of characters from all valid ranges
template.clear_test_template_context()
test_app.post(
'/auth/register/', {
'username': 'Jean-Louis1_Le-Chat',
'password': 'iamsohappy',
'email': 'easter@egg.com'})
## At this point there should on user in the database
assert User.query.count() == 1
# Successful register # Successful register
# ------------------- # -------------------
template.clear_test_template_context() template.clear_test_template_context()
@ -115,7 +137,7 @@ def test_register_views(test_app):
assert request.session['user_id'] == six.text_type(new_user.id) assert request.session['user_id'] == six.text_type(new_user.id)
## Make sure we get email confirmation, and try verifying ## Make sure we get email confirmation, and try verifying
assert len(mail.EMAIL_TEST_INBOX) == 1 assert len(mail.EMAIL_TEST_INBOX) == 2
message = mail.EMAIL_TEST_INBOX.pop() message = mail.EMAIL_TEST_INBOX.pop()
assert message['To'] == 'angrygrrl@example.org' assert message['To'] == 'angrygrrl@example.org'
email_context = template.TEMPLATE_TEST_CONTEXT[ email_context = template.TEMPLATE_TEST_CONTEXT[
@ -187,7 +209,7 @@ def test_register_views(test_app):
assert 'mediagoblin/auth/login.html' in template.TEMPLATE_TEST_CONTEXT assert 'mediagoblin/auth/login.html' in template.TEMPLATE_TEST_CONTEXT
## Make sure link to change password is sent by email ## Make sure link to change password is sent by email
assert len(mail.EMAIL_TEST_INBOX) == 1 assert len(mail.EMAIL_TEST_INBOX) == 2
message = mail.EMAIL_TEST_INBOX.pop() message = mail.EMAIL_TEST_INBOX.pop()
assert message['To'] == 'angrygrrl@example.org' assert message['To'] == 'angrygrrl@example.org'
email_context = template.TEMPLATE_TEST_CONTEXT[ email_context = template.TEMPLATE_TEST_CONTEXT[