try new approach with only ascii lowercase + numbers valid for new users

WIPACrepo · Jan 5, 2024 · 2136916 · 2136916
1 parent fa01f60
commit 2136916
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 14 deletions.
diff --git a/tests/test_api_users.py b/tests/test_api_users.py
@@ -194,9 +194,19 @@ async def test_username_select(server, reg_token_client):
     'fo=o',  # invalid char
     'fo o',  # space
     'f\'oo',  # quote
+    'f-oo',  # dash
+    'f.oo',  # dot
+    'f_oo',  # underscore
+    'Foo',  # uppercase
+    'foO',  # uppercase
+]
+# put is less strict
+invalid_usernames_put = [
+    'foò',  # unicode
+    'fo=o',  # invalid char
+    'fo o',  # space
+    'f\'oo',  # quote
 ]
-# put is fine with lengths, so ignore those errors
-invalid_usernames_put = invalid_usernames[2:]
 
 @pytest.mark.parametrize('username', invalid_usernames_put)
 @pytest.mark.asyncio

diff --git a/user_mgmt/static/routes/register.js b/user_mgmt/static/routes/register.js
@@ -186,7 +186,7 @@ export default {
       <textinput name="Last Name" inputName="last_name" v-model.trim="lastName"
        required=true :valid="validLastName" :allValid="valid"></textinput>
       <textinput name="Username" inputName="username" v-model.trim="username"
-       required=true :valid="validUsername" :allValid="valid" helptext="Note: must be between 5-16 characters"></textinput>
+       required=true :valid="validUsername" :allValid="valid" helptext="Note: must be between 5-16 characters, ascii lowercase and numbers"></textinput>
       <textinput name="External Email Address" inputName="email" v-model.trim="email"
        required=true :valid="validEmail" :allValid="valid"></textinput>
       <div v-if="errMessage" class="error_box" v-html="errMessage"></div>

diff --git a/user_mgmt/users.py b/user_mgmt/users.py
@@ -2,9 +2,9 @@
 Handle user profile updates.
 """
 import itertools
-import re
-import os
 import logging
+import os
+import string
 
 from tornado.web import HTTPError
 from rest_tools.server import catch_error, authenticated
@@ -74,7 +74,7 @@ class Username(MyHandler):
     @staticmethod
     def _gen_username(first_name, last_name, number):
         """Make ascii username from first and last name."""
-        ret = unidecode.unidecode(first_name[0] + last_name).replace("'", '').replace(' ', '').lower()
+        ret = unidecode.unidecode(first_name[0] + last_name).replace("'", '').replace(' ', '').replace('.','').lower()
         if len(ret) < 5:
             ret = f'{ret:0<5s}'
         if len(ret) > 8:
@@ -89,20 +89,17 @@ def _username_valid(username):
         Check if a username is valid.
 
         Valid:
-        * ascii string between 4-16 chars
-        * letters, numbers, -, ., _
+        * ascii string between 5-15 chars
+        * lowercase letters, numbers
 
         Invalid:
         * unicode
-        * quotes
-        * spaces
+        * punctuation
         * special chars
         * BAD_WORDS filter
         """
-        ascii_username = unidecode.unidecode(username).replace("'", '').replace(' ', '').lower()
-        if ascii_username != username:
-            return False
-        if not re.fullmatch(r'[\w\-\._]+', username):
+        valid_chars = string.ascii_lowercase + string.digits
+        if any(c not in valid_chars for c in username):
             return False
         if len(username) < 5:
             return False