Fix #1096 - allow - in usernames
authorLoic Dachary <loic@dachary.org>
Tue, 12 Jan 2016 17:39:28 +0000 (18:39 +0100)
committerChristopher Allan Webber <cwebber@dustycloud.org>
Thu, 21 Jan 2016 19:56:41 +0000 (11:56 -0800)
Signed-off-by: Loic Dachary <loic@dachary.org>
mediagoblin/auth/tools.py
mediagoblin/tests/test_auth.py

index 5a47dae4c8d7e8a9fa989dc60746428624ab3563..9c16a980d7ee54d4bc1b861a8697897cbbbd8435 100644 (file)
@@ -57,7 +57,7 @@ def normalize_user_or_email_field(allow_email=True, allow_user=True):
             if not allow_user:
                 raise wtforms.ValidationError(nouser_msg)
             wtforms.validators.Length(min=3, max=30)(form, field)
-            wtforms.validators.Regexp(r'^\w+$')(form, field)
+            wtforms.validators.Regexp(r'^[-_\w]+$')(form, field)
             field.data = field.data.lower()
         if field.data is None:  # should not happen, but be cautious anyway
             raise wtforms.ValidationError(message)
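Review bot: The new pattern `r'^[-_\w]+$'` still ends in `$`, which in Python also matches just before a trailing newline, so a username ending in `\n` passes this validator; anchoring with `\Z` closes that. The `_` in the class is redundant because `\w` already includes it, so the line could read `wtforms.validators.Regexp(r'^[-\w]+\Z')(form, field)`. The pattern now also accepts a leading `-`; if usernames are ever passed to command-line tools or used in file paths (not visible here), consider requiring the first character to be `\w`. On Python 3, `\w` matches Unicode word characters unless `re.ASCII` is set, and whether that is intended cannot be told from this hunk. The enclosing validator starts and ends outside the hunk.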
index 62f77f7432a2e533cdacded471709199c3027241..cb971fdbb8783cc9aebdb3ccd238b018638fc87e 100644 (file)
@@ -80,9 +80,31 @@ def test_register_views(test_app):
     assert form.username.errors == [u'This field does not take email addresses.']
     assert form.email.errors == [u'This field requires an email address.']
 
+    ## invalid characters
+    template.clear_test_template_context()
+    test_app.post(
+        '/auth/register/', {
+            'username': 'ampersand&invalid',
+            'email': 'easter@egg.com'})
+    context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/register.html']
+    form = context['register_form']
+
+    assert form.username.errors == [u'Invalid input.']
+
     ## At this point there should be no users in the database ;)
     assert User.query.count() == 0
 
+    ## mixture of characters from all valid ranges
+    template.clear_test_template_context()
+    test_app.post(
+        '/auth/register/', {
+            'username': 'Jean-Louis1_Le-Chat',
+            'password': 'iamsohappy',
+            'email': 'easter@egg.com'})
+
+    ## At this point there should on user in the database
+    assert User.query.count() == 1
+
     # Successful register
     # -------------------
     template.clear_test_template_context()
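Review bot: The added `Jean-Louis1_Le-Chat` registration leaves a user and, judging by the later hunks, a verification mail behind, which is why both `len(mail.EMAIL_TEST_INBOX) == 1` assertions further down had to become `== 2`. Draining the inbox right after the new `assert User.query.count() == 1`, for example `assert mail.EMAIL_TEST_INBOX.pop()['To'] == 'easter@egg.com'`, would keep the later checks independent of this case. The positive case only counts rows; it never checks that the stored username is the lowercased `jean-louis1_le-chat`, and there is no negative case for a trailing newline or a leading `-`. The comment `## At this point there should on user in the database` should read "should be one user". `test_register_views` starts and ends outside the hunk.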
@@ -115,7 +137,7 @@ def test_register_views(test_app):
     assert request.session['user_id'] == six.text_type(new_user.id)
 
     ## Make sure we get email confirmation, and try verifying
-    assert len(mail.EMAIL_TEST_INBOX) == 1
+    assert len(mail.EMAIL_TEST_INBOX) == 2
     message = mail.EMAIL_TEST_INBOX.pop()
     assert message['To'] == 'angrygrrl@example.org'
     email_context = template.TEMPLATE_TEST_CONTEXT[
@@ -187,7 +209,7 @@ def test_register_views(test_app):
     assert 'mediagoblin/auth/login.html' in template.TEMPLATE_TEST_CONTEXT
 
     ## Make sure link to change password is sent by email
-    assert len(mail.EMAIL_TEST_INBOX) == 1
+    assert len(mail.EMAIL_TEST_INBOX) == 2
     message = mail.EMAIL_TEST_INBOX.pop()
     assert message['To'] == 'angrygrrl@example.org'
     email_context = template.TEMPLATE_TEST_CONTEXT[