From: Magnus Hagander <magnus@hagander.net>
Date: Tue, 26 Mar 2013 20:15:02 +0000 (+0100)
Subject: Dissallow non-standard characters in username
X-Git-Url: http://git.postgresql.org/gitweb/static/gitweb.js?a=commitdiff_plain;h=3842b9e7cdcba30476a928c6e55d8f90df9347f6;p=pgweb.git

Dissallow non-standard characters in username

Specifically, only allow alphabetical, numbers, _@- and period.

The website it self handles "advanced" characters just fine, but all
systems integrated through community authentication does not.
---

diff --git a/pgweb/account/forms.py b/pgweb/account/forms.py
index d50d249d..f4a7ec28 100644
--- a/pgweb/account/forms.py
+++ b/pgweb/account/forms.py
@@ -1,5 +1,7 @@
 from django import forms
 
+import re
+
 from django.contrib.auth.models import User
 from pgweb.core.models import UserProfile
 
@@ -25,6 +27,8 @@ class SignupForm(forms.Form):
 	def clean_username(self):
 		username = self.cleaned_data['username'].lower()
 
+		if not re.match('^[a-z0-9_@\.-]+$', username):
+			raise forms.ValidationError("Invalid character in user name. Only a-z, 0-9, _, @, . and - allowed.")
 		try:
 			u = User.objects.get(username=username)
 		except User.DoesNotExist: