mirror of
https://github.com/minetest/contentdb.git
synced 2025-01-08 22:17:34 +01:00
Validate forum usernames in the claim form
parent
a47d222a47
commit
ff93be7a89
@ -17,11 +17,14 @@
|
||||
|
||||
from . import bp
|
||||
from flask import redirect, render_template, session, request, flash, url_for
|
||||
from flask_user import current_user
|
||||
from app.models import db, User, UserRank
|
||||
from app.utils import randomString, loginUser, rank_required
|
||||
from app.utils import randomString, loginUser
|
||||
from app.tasks.forumtasks import checkForumAccount
|
||||
from app.tasks.phpbbparser import getProfile
|
||||
import re
|
||||
|
||||
def check_username(username):
|
||||
return username is not None and len(username) >= 2 and re.match("^[A-Za-z0-9._-]*$", username)
|
||||
|
||||
@bp.route("/user/claim/", methods=["GET", "POST"])
|
||||
def claim():
|
||||
@ -31,6 +34,10 @@ def claim():
|
||||
else:
|
||||
method = request.args.get("method")
|
||||
|
||||
if not check_username(username):
|
||||
flash("Invalid username - must only contain A-Za-z0-9._. Consider contacting an admin", "danger")
|
||||
return redirect(url_for("users.claim"))
|
||||
|
||||
user = User.query.filter_by(forums_username=username).first()
|
||||
if user and user.rank.atLeast(UserRank.NEW_MEMBER):
|
||||
flash("User has already been claimed", "danger")
|
||||
@ -45,7 +52,6 @@ def claim():
|
||||
flash("Unable to find user", "danger")
|
||||
return redirect(url_for("users.claim"))
|
||||
|
||||
|
||||
token = None
|
||||
if "forum_token" in session:
|
||||
token = session["forum_token"]
|
||||
@ -57,8 +63,8 @@ def claim():
|
||||
ctype = request.form.get("claim_type")
|
||||
username = request.form.get("username")
|
||||
|
||||
if username is None or len(username.strip()) < 2:
|
||||
flash("Invalid username", "danger")
|
||||
if not check_username(username):
|
||||
flash("Invalid username - must only contain A-Za-z0-9._. Consider contacting an admin", "danger")
|
||||
elif ctype == "github":
|
||||
task = checkForumAccount.delay(username)
|
||||
return redirect(url_for("tasks.check", id=task.id, r=url_for("users.claim", username=username, method="github")))
|
||||
@ -88,6 +94,8 @@ def claim():
|
||||
|
||||
# Look for key
|
||||
if sig and token in sig:
|
||||
# Try getting again to fix crash
|
||||
user = User.query.filter_by(forums_username=username).first()
|
||||
if user is None:
|
||||
user = User(username)
|
||||
user.forums_username = username
|
||||
@ -106,4 +114,4 @@ def claim():
|
||||
else:
|
||||
flash("Unknown claim type", "danger")
|
||||
|
||||
return render_template("users/claim.html", username=username, key=token)
|
||||
return render_template("users/claim.html", username=username, key="cdb_" + token)
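Review bot: `check_username` anchors its pattern with `$` under `re.match`, and in Python `$` also matches just before a trailing newline, so a permitted name followed by `\n` still passes and goes on to `checkForumAccount.delay(username)` and the `forums_username` lookup. `re.fullmatch` closes that gap and lets the helper return a real bool instead of a match object: `return username is not None and len(username) >= 2 and re.fullmatch(r"[A-Za-z0-9._-]+", username) is not None`. The flash text at both call sites lists `A-Za-z0-9._`, but the pattern also accepts `-`, so the message should name it. The body of `claim()` starts and ends outside the visible hunks.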
|
||||
|
@ -52,7 +52,8 @@ Creating an Account
|
||||
Enter your forum username here:
|
||||
</p>
|
||||
|
||||
<input class="form-control my-4" type="text" name="username" value="{{ username }}" required placeholder="Forum username">
|
||||
<input class="form-control my-4" type="text" name="username" value="{{ username }}"
|
||||
placeholder="Forum username" pattern="[a-zA-Z0-9._ -]+" title="Only a-zA-Z0-9._ allowed" required>
|
||||
|
||||
<p>
|
||||
You'll need to have the GitHub field in your forum profile
|
||||
@ -81,7 +82,8 @@ Creating an Account
|
||||
Enter your forum username here:
|
||||
</p>
|
||||
|
||||
<input class="form-control my-3" type="text" name="username" value="{{ username }}" required placeholder="Forum username">
|
||||
<input class="form-control my-3" type="text" name="username" value="{{ username }}"
|
||||
placeholder="Forum username" pattern="[a-zA-Z0-9._ -]+" title="Only a-zA-Z0-9._ allowed" required>
|
||||
|
||||
<p>
|
||||
Go to
|
||||
@ -109,24 +111,24 @@ Creating an Account
|
||||
</div>
|
||||
|
||||
<div class="col-sm-4">
|
||||
<div class="card">
|
||||
<div class="card-header">
|
||||
<span class="badge badge-pill badge-dark mr-2">Option 3</span>
|
||||
Email/password sign up
|
||||
</div>
|
||||
<div class="card">
|
||||
<div class="card-header">
|
||||
<span class="badge badge-pill badge-dark mr-2">Option 3</span>
|
||||
Email/password sign up
|
||||
</div>
|
||||
|
||||
<div class="card-body">
|
||||
<p class="alert alert-danger">
|
||||
<b>Only do this if you don't have a forum account!</b>
|
||||
</p>
|
||||
<p>
|
||||
If you have a forum account, please use one of the other two
|
||||
options.
|
||||
</p>
|
||||
<div class="card-body">
|
||||
<p class="alert alert-danger">
|
||||
<b>Only do this if you don't have a forum account!</b>
|
||||
</p>
|
||||
<p>
|
||||
If you have a forum account, please use one of the other two
|
||||
options.
|
||||
</p>
|
||||
|
||||
<a class="btn btn-primary" href="{{ url_for('user.register') }}">Register</a>
|
||||
</div>
|
||||
</div>
|
||||
<a class="btn btn-primary" href="{{ url_for('user.register') }}">Register</a>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
{% endif %}
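Review bot: The `pattern` attribute on both username inputs is `[a-zA-Z0-9._ -]+`, which admits a space, while the server-side `check_username` added in the same commit rejects spaces; the `title` text mentions neither the space nor `-`. A forum name containing a space therefore passes the browser check and is then bounced by the flash error. Aligning the attribute with the server, for example `pattern="[A-Za-z0-9._\-]{2,}"` with `title="Only A-Z a-z 0-9 . _ - allowed"`, keeps the two in agreement. The attribute is only a usability hint that a hand-built request skips, so the server check has to remain the authoritative one.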
|
||||
|