From e245af57a80dc67acb3b2f641190aed1d43418b6 Mon Sep 17 00:00:00 2001
From: Jannat Patel <pateljannat2308@gmail.com>
Date: Sun, 19 Sep 2021 19:15:45 +0530
Subject: [PATCH 1/2] fix: regex change for username

---
 community/overrides/user.py       | 6 ++++--
 community/www/profiles/profile.py | 6 ++++--
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/community/overrides/user.py b/community/overrides/user.py
index e53d5fca..c2786123 100644
--- a/community/overrides/user.py
+++ b/community/overrides/user.py
@@ -18,6 +18,8 @@ class CustomUser(User):
         else:
             underscore_condition = ''
 
+        regex = re.compile('[@!#$%^&*()<>?/\|}{~:-]')
+
         if self.is_new():
             if not self.username:
                 self.username = self.get_username_from_first_name()
@@ -25,7 +27,7 @@ class CustomUser(User):
             if self.username.find(" "):
                 self.username.replace(" ", "")
 
-            if not re.match("^[A-Za-z0-9_]*$", self.username) or underscore_condition:
+            if regex.search(self.username) or underscore_condition:
                 self.username = self.remove_illegal_characters()
 
             if len(self.username) < 4:
@@ -38,7 +40,7 @@ class CustomUser(User):
             if not self.username:
                 frappe.throw(_("Username already exists."))
 
-            if not re.match("^[A-Za-z0-9_]*$", self.username):
+            if regex.search(self.username):
                 frappe.throw(_("Username can only contain alphabets, numbers and underscore."))
 
             if underscore_condition:
diff --git a/community/www/profiles/profile.py b/community/www/profiles/profile.py
index 73ea980f..25d8254a 100644
--- a/community/www/profiles/profile.py
+++ b/community/www/profiles/profile.py
@@ -1,5 +1,6 @@
 import frappe
 from community.page_renderers import get_profile_url_prefix
+from urllib.parse import urlencode
 
 def get_context(context):
     context.no_cache = 1
@@ -9,14 +10,15 @@ def get_context(context):
     except KeyError:
         username = frappe.db.get_value("User", frappe.session.user, ["username"])
         if username:
-            frappe.local.flags.redirect_location = get_profile_url_prefix() + username
+            print(username)
+            frappe.local.flags.redirect_location = get_profile_url_prefix() + urlencode({"username": username})
             raise frappe.Redirect
     try:
         context.member = frappe.get_doc("User", {"username": username})
     except:
         context.template = "www/404.html"
         return
-
+    print(context.member)
     context.profile_tabs = get_profile_tabs(context.member)
 
 def get_profile_tabs(user):

From 29fe75d807dde411ad4ab9e2e3c4b887e20ea541 Mon Sep 17 00:00:00 2001
From: Jannat Patel <pateljannat2308@gmail.com>
Date: Mon, 20 Sep 2021 15:12:23 +0530
Subject: [PATCH 2/2] fix: regex in page renderer

---
 community/page_renderers.py       | 5 ++---
 community/www/profiles/profile.py | 2 --
 2 files changed, 2 insertions(+), 5 deletions(-)

diff --git a/community/page_renderers.py b/community/page_renderers.py
index 4567d106..226501ae 100644
--- a/community/page_renderers.py
+++ b/community/page_renderers.py
@@ -31,7 +31,7 @@ def get_profile_url_prefix():
     hooks = frappe.get_hooks("profile_url_prefix") or ["/users/"]
     return hooks[-1]
 
-RE_USERNAME = re.compile("[a-zA-Z0-9_]{4,}")
+RE_INVALID_USERNAME = re.compile("[@!#$%^&*()<>?/\\|}{~:-]")
 
 class ProfileRedirectPage(BaseRenderer):
     """Renderer to redirect /profile_/foo to <profile_prefix>/foo.
@@ -63,9 +63,8 @@ class ProfilePage(BaseRenderer):
 
         # not a userpage?
         username = self.get_username()
-        if not RE_USERNAME.match(username):
+        if RE_INVALID_USERNAME.search(username):
             return False
-
         # if there is prefix then we can allow all usernames
         if prefix:
             return True
diff --git a/community/www/profiles/profile.py b/community/www/profiles/profile.py
index 25d8254a..65b1bbca 100644
--- a/community/www/profiles/profile.py
+++ b/community/www/profiles/profile.py
@@ -10,7 +10,6 @@ def get_context(context):
     except KeyError:
         username = frappe.db.get_value("User", frappe.session.user, ["username"])
         if username:
-            print(username)
             frappe.local.flags.redirect_location = get_profile_url_prefix() + urlencode({"username": username})
             raise frappe.Redirect
     try:
@@ -18,7 +17,6 @@ def get_context(context):
     except:
         context.template = "www/404.html"
         return
-    print(context.member)
     context.profile_tabs = get_profile_tabs(context.member)
 
 def get_profile_tabs(user):