Ask for username instead of email for login, validate username on

registration
2 years ago · 4cf0161d7c
2 changed files with 23 additions and 11 deletions
--- a/dal/forms.py
+++ b/dal/forms.py
@ -4,18 +4,18 @@ from django.utils.translation import ugettext_lazy as _


 class LoginForm(forms.Form):
-    email = forms.CharField(widget=forms.TextInput())
+    username = forms.CharField(widget=forms.TextInput())
    password = forms.CharField(widget=forms.PasswordInput())

    class Meta:
-        fields = ['email', 'password']
+        fields = ['username', 'password']

    def clean(self):
-        email = self.cleaned_data.get('email')
+        username = self.cleaned_data.get('username')
        password = self.cleaned_data.get('password')
        if self.errors:
            return self.cleaned_data
-        is_auth = authenticate(username=email, password=password)
+        is_auth = authenticate(username=username, password=password)
        if not is_auth:
            raise forms.ValidationError(
                _("Your username and/or password were incorrect.")
@ -26,6 +26,6 @@ class LoginForm(forms.Form):
        #     )
        return self.cleaned_data

-    def clean_email(self):
-        email = self.cleaned_data.get('email')
-        return email
+    # XXX: is that thing used? Or useful?
+    def clean_username(self):
+         return self.cleaned_data.get('username')
--- a/dal/views.py
+++ b/dal/views.py
@ -16,6 +16,7 @@ from .forms import LoginForm
 from .ungleich_ldap import LdapManager

 import logging
+import re

 logger = logging.getLogger(__name__)

@ -30,6 +31,9 @@ import string
 from django.conf import settings
 from django.contrib.auth.mixins import LoginRequiredMixin

+# Small helper used for registration.
+def is_username_valid(username):
+    return re.fullmatch(r"^[a-z|0-9|\-|_]+$", username)

 class Index(FormView):
    template_name = "landing.html"
@ -37,9 +41,9 @@ class Index(FormView):
    success_url = 'useroptions.html'

    def form_valid(self, form):
-        email = form.cleaned_data.get('email')
+        username = form.cleaned_data.get('username')
        password = form.cleaned_data.get('password')
-        user = authenticate(username=email, password=password)
+        user = authenticate(username=username, password=password)
        if user is not None:
            login(self.request, user)
            return render(self.request, 'useroptions.html', { 'user': user } )
@ -64,7 +68,16 @@ class Register(View):
        username = request.POST.get('username')

        if username == "" or not username:
-            return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': 'Please supply a username.' } )
+            return render(request, 'error.html', {
+                'urlname': urlname,
+                'service': service,
+                'error': 'Please supply a username.' } )
+
+        if not is_username_valid(username):
+            return render(request, 'error.html', {
+                'urlname': urlname,
+                'service': service,
+                'error': 'You can only use lowercase letters, numbers, underscores and the dash character in your username.' } )

        password1 = request.POST.get('password1')
        password2 = request.POST.get('password2')
@ -491,7 +504,6 @@ class PseudoUser():
 class UserCreateAPI(APIView):

    def post(self, request):
-
        username = request.POST.get('username')
        email = request.POST.get('email')
        firstname = request.POST.get('firstname')