custom_user: forbid special characters in names (#51194)

Valentin Deniaud 2021-02-25 09:26:03 +01:00
parent 926aad5f72
commit 8df0d97988
2 changed files with 44 additions and 0 deletions


@ -18,6 +18,7 @@ import re
from django.contrib.auth import get_user_model
from django.core.exceptions import ValidationError
from django.core.validators import RegexValidator
from django.utils.translation import ugettext_lazy as _, ugettext
from django.contrib.auth.models import BaseUserManager, Group
@ -61,10 +62,24 @@ class RegistrationForm(HoneypotForm):
return email
validate_name = RegexValidator(
r'[0-9_!¡?÷?¿/\\+=@#$%ˆ&*(){}|~<>;:[\]]',
message=_('Special caracters are not allowed.'),
inverse_match=True,
)
class RegistrationCompletionFormNoPassword(profile_forms.BaseUserForm):
error_css_class = 'form-field-error'
required_css_class = 'form-field-required'
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
if 'first_name' in self.fields:
self.fields['first_name'].validators.append(validate_name)
if 'last_name' in self.fields:
self.fields['last_name'].validators.append(validate_name)
def clean_username(self):
if self.cleaned_data.get('username'):
username = self.cleaned_data['username']
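Review bot: The character class in `validate_name` is a denylist whose `ˆ` appears to be U+02C6 (modifier circumflex) rather than ASCII `^`, so a plain `^` would still pass, as does `"`; `?` is also listed twice. At minimum the pattern could read `r'[0-9_!¡?÷¿/\\+=@#$%^ˆ&*(){}|~<>;:[\]"]'`, though an allowlist of letters, spaces, apostrophes and hyphens would be easier to reason about than enumerating what to reject. The validator is attached only in `RegistrationCompletionFormNoPassword.__init__`, so any other path that writes `first_name` or `last_name` (none is visible in this hunk) would not apply it; putting the validator on the model fields would let other ModelForms pick it up as well. The class body continues past the end of the hunk.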


@ -835,3 +835,32 @@ def test_honeypot(app, db, settings, mailoutbox):
response = response.follow()
assert len(mailoutbox) == 0
assert 'Your registration request has been refused' in response
def test_registration_name_validation(app, db, mailoutbox):
resp = app.get(reverse('registration_register'))
resp.form.set('email', 'testbot@entrouvert.com')
resp = resp.form.submit().follow()
link = get_link_from_mail(mailoutbox[0])
resp = app.get(link)
resp.form.set('password1', 'T0==toto')
resp.form.set('password2', 'T0==toto')
resp.form.set('first_name', '01/01/1871')
resp.form.set('last_name', 'Doe')
resp = resp.form.submit()
assert 'Special caracters are not allowed' in resp.text
resp.form.set('password1', 'T0==toto')
resp.form.set('password2', 'T0==toto')
resp.form.set('first_name', 'John')
resp.form.set('last_name', 'a(a')
resp = resp.form.submit()
assert 'Special caracters are not allowed' in resp.text
resp.form.set('password1', 'T0==toto')
resp.form.set('password2', 'T0==toto')
resp.form.set('first_name', 'Léo')
resp.form.set('last_name', 'D\'Équerre')
resp = resp.form.submit().follow()
assert 'You have just created an account' in resp.text
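Review bot: The rejected inputs in `test_registration_name_validation` only exercise digits with `/` and a lone `(`, and the accepted input only an apostrophe and accents, so neither the markup characters the validator presumably exists to block nor the common hyphen or space in names are pinned. I would add one rejected case such as `resp.form.set('first_name', '<b>John</b>')` and an accepted case with a name like `'Jean-Pierre'` or `'de La Tour'`, so a later change to the character class cannot silently break either side. The assertions also match the message text only, so they do not show which of the two fields was rejected.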