Dissallow non-standard characters in username

Specifically, only allow alphabetical, numbers, _@- and period.

The website it self handles "advanced" characters just fine, but all
systems integrated through community authentication does not.

diff --git a/pgweb/account/forms.py b/pgweb/account/forms.py
index d50d249d68f94078367acc112ad084a461df247d..f4a7ec28a18c13d712308e1d9040dd13237608d0 100644 (file)
--- a/pgweb/account/forms.py
+++ b/pgweb/account/forms.py
@@ -1,5 +1,7 @@
 from django import forms
 
+import re
+
 from django.contrib.auth.models import User
 from pgweb.core.models import UserProfile
 
@@ -25,6 +27,8 @@ class SignupForm(forms.Form):
        def clean_username(self):
                username = self.cleaned_data['username'].lower()
 
+               if not re.match('^[a-z0-9_@\.-]+$', username):
+                       raise forms.ValidationError("Invalid character in user name. Only a-z, 0-9, _, @, . and - allowed.")
                try:
                        u = User.objects.get(username=username)
                except User.DoesNotExist: