diff --git a/app/blueprints/users/account.py b/app/blueprints/users/account.py index 79c0d0fc..b8de2746 100644 --- a/app/blueprints/users/account.py +++ b/app/blueprints/users/account.py @@ -26,7 +26,8 @@ from wtforms.validators import * from app.models import * from app.tasks.emails import send_verify_email, send_anon_email, send_unsubscribe_verify, send_user_email -from app.utils import randomString, make_flask_login_password, is_safe_url, check_password_hash, addAuditLog, nonEmptyOrNone, post_login +from app.utils import randomString, make_flask_login_password, is_safe_url, check_password_hash, addAuditLog, \ + nonEmptyOrNone, post_login, is_username_valid from passlib.pwd import genphrase from . import bp @@ -114,6 +115,10 @@ def handle_register(form): flash(gettext("Incorrect captcha answer"), "danger") return + if not is_username_valid(form.username.data): + flash(gettext("Username is invalid")) + return + user_by_name = User.query.filter(or_( User.username == form.username.data, User.username == form.display_name.data, diff --git a/app/blueprints/users/claim.py b/app/blueprints/users/claim.py index c994ff60..a53b633a 100644 --- a/app/blueprints/users/claim.py +++ b/app/blueprints/users/claim.py @@ -18,15 +18,9 @@ from flask_babel import gettext from . import bp from flask import redirect, render_template, session, request, flash, url_for from app.models import db, User, UserRank -from app.utils import randomString, login_user_set_active +from app.utils import randomString, login_user_set_active, is_username_valid from app.tasks.forumtasks import checkForumAccount from app.utils.phpbbparser import getProfile -import re - - -def check_username(username): - return username is not None and len(username) >= 2 and re.match("^[A-Za-z0-9._-]*$", username) - @bp.route("/user/claim/", methods=["GET", "POST"]) @@ -42,7 +36,7 @@ def claim_forums(): else: method = request.args.get("method") - if not check_username(username): + if not is_username_valid(username): flash(gettext("Invalid username - must only contain A-Za-z0-9._. Consider contacting an admin"), "danger") return redirect(url_for("users.claim_forums")) @@ -67,7 +61,7 @@ def claim_forums(): ctype = request.form.get("claim_type") username = request.form.get("username") - if not check_username(username): + if not is_username_valid(username): flash(gettext("Invalid username - must only contain A-Za-z0-9._. Consider contacting an admin"), "danger") elif ctype == "github": task = checkForumAccount.delay(username) diff --git a/app/tasks/forumtasks.py b/app/tasks/forumtasks.py index 785e4c31..4edcc811 100644 --- a/app/tasks/forumtasks.py +++ b/app/tasks/forumtasks.py @@ -18,6 +18,7 @@ import json, re, sys from app.models import * from app.tasks import celery +from app.utils import is_username_valid from app.utils.phpbbparser import getProfile, getTopicsFromForum import urllib.request @@ -137,6 +138,9 @@ def importTopicList(): if user: return user + if not is_username_valid(username): + return None + user = User.query.filter_by(forums_username=username).first() if user is None: user = User.query.filter_by(username=username).first() diff --git a/app/utils/__init__.py b/app/utils/__init__.py index ed84ed4f..60284df8 100644 --- a/app/utils/__init__.py +++ b/app/utils/__init__.py @@ -19,11 +19,16 @@ import secrets from .flask import * from .models import * from .user import * +import re YESES = ["yes", "true", "1", "on"] +def is_username_valid(username): + return username is not None and len(username) >= 2 and re.match(r"^[A-Za-z0-9._-]*$", username) + + def isYes(val): return val and val.lower() in YESES