Merge pull request #209 from pateljannat/username-validation

fix: Username validation

community/overrides/user.py

@@ -18,6 +18,8 @@ class CustomUser(User):
         else:
             underscore_condition = ''
 
+        regex = re.compile('[@!#$%^&*()<>?/\|}{~:-]')
+
         if self.is_new():
             if not self.username:
                 self.username = self.get_username_from_first_name()
@@ -25,7 +27,7 @@ class CustomUser(User):
             if self.username.find(" "):
                 self.username.replace(" ", "")
 
-            if not re.match("^[A-Za-z0-9_]*$", self.username) or underscore_condition:
+            if regex.search(self.username) or underscore_condition:
                 self.username = self.remove_illegal_characters()
 
             if len(self.username) < 4:
@@ -38,7 +40,7 @@ class CustomUser(User):
             if not self.username:
                 frappe.throw(_("Username already exists."))
 
-            if not re.match("^[A-Za-z0-9_]*$", self.username):
+            if regex.search(self.username):
                 frappe.throw(_("Username can only contain alphabets, numbers and underscore."))
 
             if underscore_condition:

community/page_renderers.py

@@ -31,7 +31,7 @@ def get_profile_url_prefix():
     hooks = frappe.get_hooks("profile_url_prefix") or ["/users/"]
     return hooks[-1]
 
-RE_USERNAME = re.compile("[a-zA-Z0-9_]{4,}")
+RE_INVALID_USERNAME = re.compile("[@!#$%^&*()<>?/\\|}{~:-]")
 
 class ProfileRedirectPage(BaseRenderer):
     """Renderer to redirect /profile_/foo to <profile_prefix>/foo.
@@ -63,9 +63,8 @@ class ProfilePage(BaseRenderer):
 
         # not a userpage?
         username = self.get_username()
-        if not RE_USERNAME.match(username):
+        if RE_INVALID_USERNAME.search(username):
             return False
-
         # if there is prefix then we can allow all usernames
         if prefix:
             return True

community/www/profiles/profile.py

@@ -1,5 +1,6 @@
 import frappe
 from community.page_renderers import get_profile_url_prefix
+from urllib.parse import urlencode
 
 def get_context(context):
     context.no_cache = 1
@@ -9,14 +10,13 @@ def get_context(context):
     except KeyError:
         username = frappe.db.get_value("User", frappe.session.user, ["username"])
         if username:
-            frappe.local.flags.redirect_location = get_profile_url_prefix() + username
+            frappe.local.flags.redirect_location = get_profile_url_prefix() + urlencode({"username": username})
             raise frappe.Redirect
     try:
         context.member = frappe.get_doc("User", {"username": username})
     except:
         context.template = "www/404.html"
         return
-
     context.profile_tabs = get_profile_tabs(context.member)
 
 def get_profile_tabs(user):