From 2f0471a3a4cf9e056efd7cdea2a9ddb1787dd57a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?David=20Barrag=C3=A1n=20Merino?=
Date: Mon, 1 Sep 2014 17:30:31 +0200
Subject: [PATCH] Fix Bug #828: Validate username

---
 taiga/auth/serializers.py          | 21 +++++++++++++++++++--
 taiga/users/serializers.py         |  1 +
 tests/integration/test_auth_api.py | 14 +++++++++++++-
 3 files changed, 33 insertions(+), 3 deletions(-)

diff --git a/taiga/auth/serializers.py b/taiga/auth/serializers.py
index 2b235d1d..d12cc71e 100644
--- a/taiga/auth/serializers.py
+++ b/taiga/auth/serializers.py
@@ -16,12 +16,28 @@
 from rest_framework import serializers
 
+from django.core import validators
+from django.core.exceptions import ValidationError
+import re
+
+
 class BaseRegisterSerializer(serializers.Serializer):
     full_name = serializers.CharField(max_length=256)
     email = serializers.EmailField(max_length=200)
-    username = serializers.CharField(max_length=200)
+    username = serializers.CharField(max_length=30)
     password = serializers.CharField(min_length=4)
 
+    def validate_username(self, attrs, source):
+        value = attrs[source]
+        validator = validators.RegexValidator(re.compile('^[\w.-]+$'), "invalid username", "invalid")
+
+        try:
+            validator(value)
+        except ValidationError:
+            raise serializers.ValidationError("Required. 30 characters or fewer. Letters, numbers "
+                                              "and /./-/_ characters'")
+        return attrs
+
 
 class PublicRegisterSerializer(BaseRegisterSerializer):
     pass
 
@@ -30,7 +46,8 @@ class PublicRegisterSerializer(BaseRegisterSerializer):
 class PrivateRegisterForNewUserSerializer(BaseRegisterSerializer):
     token = serializers.CharField(max_length=255, required=True)
 
+
 class PrivateRegisterForExistingUserSerializer(serializers.Serializer):
-    username = serializers.CharField(max_length=200)
+    username = serializers.CharField(max_length=30)
     password = serializers.CharField(min_length=4)
     token = serializers.CharField(max_length=255, required=True)
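Review bot: The pattern `re.compile('^[\w.-]+$')` in validate_username still accepts a username that ends in a newline, because `$` also matches immediately before a trailing `\n`; anchoring with `\Z` closes that gap, and the pattern should be a raw string so `\w` is not an invalid escape sequence: `validator = validators.RegexValidator(re.compile(r'^[\w.-]+\Z'), "invalid username", "invalid")`. In a Python 3 str pattern `\w` also matches non-ASCII letters and digits, so the rejection message "Letters, numbers and /./-/_ characters" describes a narrower set than what is actually accepted unless `re.ASCII` is passed — worth deciding which is intended and making the message and pattern agree. The message text itself ends with a stray `'` after `characters`. The validator holds no per-request state, so it could be built once as a module-level constant instead of on every call.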
diff --git a/taiga/users/serializers.py b/taiga/users/serializers.py
index 05cb5e95..26382d37 100644
--- a/taiga/users/serializers.py
+++ b/taiga/users/serializers.py
@@ -46,5 +46,6 @@ class RecoverySerializer(serializers.Serializer):
     token = serializers.CharField(max_length=200)
     password = serializers.CharField(min_length=6)
 
+
 class ChangeEmailSerializer(serializers.Serializer):
     email_token = serializers.CharField(max_length=200)
diff --git a/tests/integration/test_auth_api.py b/tests/integration/test_auth_api.py
index 574c8d59..b714f4a5 100644
--- a/tests/integration/test_auth_api.py
+++ b/tests/integration/test_auth_api.py
@@ -48,7 +48,7 @@ def test_respond_400_if_domain_does_not_allow_public_registration(client, regist
     assert response.status_code == 400
 
 
-def test_respond_201_if_domain_allows_public_registration(client, register_form):
+def test_respond_201_with_invitation_if_domain_does_not_allows_public_registration(client, register_form):
     user = factories.UserFactory()
     membership = factories.MembershipFactory(user=user)
 
@@ -120,3 +120,15 @@ def test_response_404_in_registration_with_github_account_in_a_project_with_inva
 
     response = client.post(reverse("auth-list"), form)
     assert response.status_code == 404
+
+
+def test_respond_400_If_username_is_invalid(client, settings, register_form):
+    settings.PUBLIC_REGISTER_ENABLED = True
+
+    register_form.update({"username": "User Examp:/e"})
+    response = client.post(reverse("auth-register"), register_form)
+    assert response.status_code == 400
+
+    register_form.update({"username": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-error"})
+    response = client.post(reverse("auth-register"), register_form)
+    assert response.status_code == 400
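Review bot: The new test asserts only `status_code == 400`, so it cannot tell whether the rejection came from the username validator or from some other field in `register_form`; asserting on the response body as well, e.g. `assert "username" in response.data` if the `client` fixture is DRF's APIClient (otherwise decode `response.content` as JSON), would pin the behaviour this commit adds. The name `test_respond_400_If_username_is_invalid` mixes a capital `If` into the otherwise snake_case test names in this file; `test_respond_400_if_username_is_invalid` would match them. Neither case covers a username with a trailing newline, which is the boundary a `^...$`-anchored regex validator is most likely to get wrong, so a third case such as `"user\n"` would be a useful addition.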