From 4cf0161d7cf0722b5b008d6edfdc7fa0f7eadfd8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timoth=C3=A9e=20Floure?=
Date: Fri, 1 May 2020 11:08:13 +0200
Subject: [PATCH] Ask for username instead of email for login, validate username on registration
---
 dal/forms.py | 14 +++++++-------
 dal/views.py | 20 ++++++++++++++++----
 2 files changed, 23 insertions(+), 11 deletions(-)
diff --git a/dal/forms.py b/dal/forms.py
index d4bc028..972329b 100644
--- a/dal/forms.py
+++ b/dal/forms.py
@@ -4,18 +4,18 @@ from django.utils.translation import ugettext_lazy as _
 class LoginForm(forms.Form):
- email = forms.CharField(widget=forms.TextInput())
+ username = forms.CharField(widget=forms.TextInput())
 password = forms.CharField(widget=forms.PasswordInput())
 class Meta:
- fields = ['email', 'password']
+ fields = ['username', 'password']
 def clean(self):
- email = self.cleaned_data.get('email')
+ username = self.cleaned_data.get('username')
 password = self.cleaned_data.get('password')
 if self.errors:
 return self.cleaned_data
- is_auth = authenticate(username=email, password=password)
+ is_auth = authenticate(username=username, password=password)
 if not is_auth:
 raise forms.ValidationError(
 _("Your username and/or password were incorrect.")
@@ -26,6 +26,6 @@ class LoginForm(forms.Form):
 # )
 return self.cleaned_data
- def clean_email(self):
- email = self.cleaned_data.get('email')
- return email
+ # XXX: is that thing used? Or useful?
+ def clean_username(self):
+ return self.cleaned_data.get('username')
diff --git a/dal/views.py b/dal/views.py
index eb5e5de..0d588c1 100644
--- a/dal/views.py
+++ b/dal/views.py
@@ -16,6 +16,7 @@ from .forms import LoginForm
 from .ungleich_ldap import LdapManager
 import logging
+import re
 logger = logging.getLogger(__name__)
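Review bot: In dal/forms.py (hunk `@@ -4,18 +4,18 @@`), `LoginForm.clean()` uses the result of `authenticate(username=username, password=password)` only as a truth test and then drops it, while `Index.form_valid` in dal/views.py (hunk `@@ -37,9 +41,9 @@`) calls `authenticate` again with the same credentials. Every successful login is therefore verified against the authentication backend twice. Keeping the result on the form, e.g. `self.user = is_auth`, and having the view call `login(self.request, form.user)` would remove the second round trip. `clean()` continues past the end of this hunk.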
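Review bot: The `# XXX: is that thing used? Or useful?` comment above `clean_username` in dal/forms.py (hunk `@@ -26,6 +26,6 @@`) can be answered in place rather than left as an open question. Django's form validation calls `clean_<fieldname>()` for each field, so the method is invoked, but as written it returns the already-cleaned value unchanged and adds nothing. Either delete the method, or replace the comment with `# Called by Django during field validation; currently a no-op hook.`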
@@ -30,6 +31,9 @@ import string
 from django.conf import settings
 from django.contrib.auth.mixins import LoginRequiredMixin
+# Small helper used for registration.
+def is_username_valid(username):
+ return re.fullmatch(r"^[a-z|0-9|\-|_]+$", username)
 class Index(FormView):
 template_name = "landing.html"
@@ -37,9 +41,9 @@ class Index(FormView):
 success_url = 'useroptions.html'
 def form_valid(self, form):
- email = form.cleaned_data.get('email')
+ username = form.cleaned_data.get('username')
 password = form.cleaned_data.get('password')
- user = authenticate(username=email, password=password)
+ user = authenticate(username=username, password=password)
 if user is not None:
 login(self.request, user)
 return render(self.request, 'useroptions.html', { 'user': user } )
@@ -64,7 +68,16 @@ class Register(View):
 username = request.POST.get('username')
 if username == "" or not username:
- return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': 'Please supply a username.' } )
+ return render(request, 'error.html', {
+ 'urlname': urlname,
+ 'service': service,
+ 'error': 'Please supply a username.' } )
+
+ if not is_username_valid(username):
+ return render(request, 'error.html', {
+ 'urlname': urlname,
+ 'service': service,
+ 'error': 'You can only use lowercase letters, numbers, underscores and the dash character in your username.' } )
 password1 = request.POST.get('password1')
 password2 = request.POST.get('password2')
@@ -491,7 +504,6 @@ class PseudoUser():
 class UserCreateAPI(APIView):
 def post(self, request):
- username = request.POST.get('username')
 email = request.POST.get('email')
 firstname = request.POST.get('firstname')
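Review bot: In `is_username_valid` (hunk `@@ -30,6 +31,9 @@`) the pattern `r"^[a-z|0-9|\-|_]+$"` treats `|` as a literal member of the character class, so a name such as `a|b` (constructed example) is accepted, although the error message added in the `Register` hunk (`@@ -64,7 +68,16 @@`) promises only lowercase letters, numbers, underscores and the dash. `|` is also the OR operator in LDAP search filters, which matters if the name later reaches a filter built by `LdapManager` without escaping; that code is not visible here, so this is worth confirming. Suggested replacement: `return re.fullmatch(r"[a-z0-9_-]+", username) is not None`, which drops the stray `|`, removes the anchors that `fullmatch` makes redundant, and returns a bool instead of a match object. A length bound and a docstring stating the allowed alphabet would also help, since the current comment only says the helper is used for registration.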