Merge branch 'username-validation' into 'develop'

Apply restrictions to username characters during signup See merge request funkwhale/funkwhale!340
2018-07-22 11:09:43 +00:00 · 2018-07-22 11:09:43 +00:00 · 1a1572f7de
parent dcd33693e5 ba76fe9f49
commit 1a1572f7de
5 changed files with 39 additions and 1 deletions
--- a/api/config/settings/common.py
+++ b/api/config/settings/common.py
@ -302,6 +302,7 @@ SESSION_COOKIE_HTTPONLY = False
 ACCOUNT_AUTHENTICATION_METHOD = "username_email"
 ACCOUNT_EMAIL_REQUIRED = True
 ACCOUNT_EMAIL_VERIFICATION = "mandatory"
 ACCOUNT_USERNAME_VALIDATORS = "funkwhale_api.users.serializers.username_validators"
 # Custom user app defaults
 # Select the correct user model
@ -432,6 +433,7 @@ PLAYLISTS_MAX_TRACKS = env.int("PLAYLISTS_MAX_TRACKS", default=250)
 ACCOUNT_USERNAME_BLACKLIST = [
    "funkwhale",
    "library",
    "instance",
    "test",
    "status",
    "root",
--- a/api/funkwhale_api/federation/views.py
+++ b/api/funkwhale_api/federation/views.py
@ -34,6 +34,7 @@ class FederationMixin(object):
 class ActorViewSet(FederationMixin, mixins.RetrieveModelMixin, viewsets.GenericViewSet):
    lookup_field = "user__username"
    lookup_value_regex = ".*"
    authentication_classes = [authentication.SignatureAuthentication]
    permission_classes = []
    renderer_classes = [renderers.ActivityPubRenderer]
--- a/api/funkwhale_api/users/serializers.py
+++ b/api/funkwhale_api/users/serializers.py
@ -1,8 +1,13 @@
 import re
 from django.conf import settings
 from django.core import validators
 from django.utils.deconstruct import deconstructible
 from django.utils.translation import gettext_lazy as _
 from rest_auth.serializers import PasswordResetSerializer as PRS
 from rest_auth.registration.serializers import RegisterSerializer as RS
 from rest_framework import serializers
 from versatileimagefield.serializers import VersatileImageFieldSerializer
 from funkwhale_api.activity import serializers as activity_serializers
@ -10,6 +15,19 @@ from funkwhale_api.activity import serializers as activity_serializers
 from . import models
@deconstructible
 class ASCIIUsernameValidator(validators.RegexValidator):
    regex = r"^[\w]+$"
    message = _(
        "Enter a valid username. This value may contain only English letters, "
        "numbers, and _ characters."
    )
    flags = re.ASCII
 username_validators = [ASCIIUsernameValidator()]
 class RegisterSerializer(RS):
    invitation = serializers.CharField(
        required=False, allow_null=True, allow_blank=True
--- a/api/tests/users/test_views.py
+++ b/api/tests/users/test_views.py
@ -20,6 +20,22 @@ def test_can_create_user_via_api(preferences, api_client, db):
    assert u.username == "test1"
@pytest.mark.parametrize("username", ["wrong.name", "wrong-name", "éaeu", "wrong name"])
 def test_username_only_accepts_letters_and_underscores(
    username, preferences, api_client, db
 ):
    url = reverse("rest_register")
    data = {
        "username": username,
        "email": "test1@test.com",
        "password1": "testtest",
        "password2": "testtest",
    }
    preferences["users__registration_enabled"] = True
    response = api_client.post(url, data)
    assert response.status_code == 400
 def test_can_restrict_usernames(settings, preferences, db, api_client):
    url = reverse("rest_register")
    preferences["users__registration_enabled"] = True
--- a/changes/changelog.d/username.enhancement
+++ b/changes/changelog.d/username.enhancement
@ -0,0 +1 @@
 Apply restrictions to username characters during signup
		`@ -0,0 +1 @@`
							`Apply restrictions to username characters during signup`