eduvia/lms
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #209 from pateljannat/username-validation

Browse Source 
fix: Username validation
This commit is contained in:
Jannat Patel
2021-09-20 15:23:18 +05:30
committed by GitHub
parent 3be20b5658 29fe75d807
commit b8fae5cd28
3 changed files with 8 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
community/overrides/user.py
View File

@@ -18,6 +18,8 @@ class CustomUser(User):
else: else:
underscore_condition = '' underscore_condition = ''
regex = re.compile('[@!#$%^&*()<>?/\|}{~:-]')
if self.is_new(): if self.is_new():
if not self.username: if not self.username:
self.username = self.get_username_from_first_name() self.username = self.get_username_from_first_name()
@@ -25,7 +27,7 @@ class CustomUser(User):
if self.username.find(" "): if self.username.find(" "):
self.username.replace(" ", "") self.username.replace(" ", "")
if not re.match("^[A-Za-z0-9_]*$", self.username) or underscore_condition: if regex.search(self.username) or underscore_condition:
self.username = self.remove_illegal_characters() self.username = self.remove_illegal_characters()
if len(self.username) < 4: if len(self.username) < 4:
@@ -38,7 +40,7 @@ class CustomUser(User):
if not self.username: if not self.username:
frappe.throw(_("Username already exists.")) frappe.throw(_("Username already exists."))
if not re.match("^[A-Za-z0-9_]*$", self.username): if regex.search(self.username):
frappe.throw(_("Username can only contain alphabets, numbers and underscore.")) frappe.throw(_("Username can only contain alphabets, numbers and underscore."))
if underscore_condition: if underscore_condition:

5
community/page_renderers.py
View File

@@ -31,7 +31,7 @@ def get_profile_url_prefix():
hooks = frappe.get_hooks("profile_url_prefix") or ["/users/"] hooks = frappe.get_hooks("profile_url_prefix") or ["/users/"]
return hooks[-1] return hooks[-1]
RE_USERNAME = re.compile("[a-zA-Z0-9_]{4,}") RE_INVALID_USERNAME = re.compile("[@!#$%^&*()<>?/\\|}{~:-]")
class ProfileRedirectPage(BaseRenderer): class ProfileRedirectPage(BaseRenderer):
"""Renderer to redirect /profile_/foo to <profile_prefix>/foo. """Renderer to redirect /profile_/foo to <profile_prefix>/foo.
@@ -63,9 +63,8 @@ class ProfilePage(BaseRenderer):
# not a userpage? # not a userpage?
username = self.get_username() username = self.get_username()
if not RE_USERNAME.match(username): if RE_INVALID_USERNAME.search(username):
return False return False
# if there is prefix then we can allow all usernames # if there is prefix then we can allow all usernames
if prefix: if prefix:
return True return True

4
community/www/profiles/profile.py
View File

@@ -1,5 +1,6 @@
import frappe import frappe
from community.page_renderers import get_profile_url_prefix from community.page_renderers import get_profile_url_prefix
from urllib.parse import urlencode
def get_context(context): def get_context(context):
context.no_cache = 1 context.no_cache = 1
@@ -9,14 +10,13 @@ def get_context(context):
except KeyError: except KeyError:
username = frappe.db.get_value("User", frappe.session.user, ["username"]) username = frappe.db.get_value("User", frappe.session.user, ["username"])
if username: if username:
frappe.local.flags.redirect_location = get_profile_url_prefix() + username frappe.local.flags.redirect_location = get_profile_url_prefix() + urlencode({"username": username})
raise frappe.Redirect raise frappe.Redirect
try: try:
context.member = frappe.get_doc("User", {"username": username}) context.member = frappe.get_doc("User", {"username": username})
except: except:
context.template = "www/404.html" context.template = "www/404.html"
return return
context.profile_tabs = get_profile_tabs(context.member) context.profile_tabs = get_profile_tabs(context.member)
def get_profile_tabs(user): def get_profile_tabs(user):