[snowy] Check usernames against a blacklist



commit df308961e847a03ea3248929fef63087a6229d7a
Author: Brad Taylor <brad getcoded net>
Date:   Mon Jul 20 14:59:59 2009 -0400

    Check usernames against a blacklist

 TODO              |    1 -
 settings.py       |    2 +-
 urls.py           |   35 ++++++++++++++++++++++++++++++++---
 users/forms.py    |   39 +++++++++++++++++++++++++++++++++++++++
 4 files changed, 72 insertions(+), 5 deletions(-)
---
diff --git a/TODO b/TODO
index 25f0fb9..750b0b6 100644
--- a/TODO
+++ b/TODO
@@ -20,7 +20,6 @@ TODO
    - Interface for detecting/selecting preferred language
 
  * Accounts
-   - Username blacklist (e.g.: no "admin", "accounts", "registration", etc)
    - Verify password sanity/strength
    - Add recaptcha to prevent spammy accounts
    - Preferences page (what would we use it for?)
diff --git a/settings.py b/settings.py
index 2c240f0..426ca1a 100644
--- a/settings.py
+++ b/settings.py
@@ -108,7 +108,7 @@ INSTALLED_APPS = (
 # Maximum number of notes to show on the notes_detail list.
 SNOWY_LIST_MAX_NOTES = 18
 
-ACCOUNT_ACTIVATION_DAYS = 30
+ACCOUNT_ACTIVATION_DAYS = 15
 
 AUTH_PROFILE_MODULE = 'notes.UserProfile'
 
diff --git a/urls.py b/urls.py
index cb797a0..c99d6dd 100644
--- a/urls.py
+++ b/urls.py
@@ -15,18 +15,23 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #
 
-from django.conf.urls.defaults import *
 from django.views.generic.list_detail import object_list, object_detail
+from django.views.generic.simple import direct_to_template
+from django.contrib.auth import views as auth_views
+from django.conf.urls.defaults import *
+
+from snowy.users.forms import RegistrationFormUniqueUser
 from snowy.notes.models import Note
 
+from registration.views import activate
+from registration.views import register
+
 from django.contrib import admin
 admin.autodiscover()
 
 urlpatterns = patterns('',
     (r'^$', 'django.views.generic.simple.direct_to_template', {'template': 'index.html'}),
 
-    (r'^registration/', include('registration.urls')),
-
     (r'^(?P<username>\w+)/notes/', include('snowy.notes.urls')),
 
     (r'^api/', include('snowy.api.urls')),
@@ -39,6 +44,30 @@ urlpatterns = patterns('',
     (r'^admin/', include(admin.site.urls)),
 )
 
+# Registration URLs
+urlpatterns += patterns('',
+    url(r'^registration/activate/(?P<activation_key>\w+)/$', activate, name='registration_activate'),
+    url(r'^registration/login/$', auth_views.login, {'template_name': 'registration/login.html'},
+        name='auth_login'),
+    url(r'^registration/logout/$', auth_views.logout, {'template_name': 'registration/logout.html'},
+        name='auth_logout'),
+    url(r'^registration/password/change/$', auth_views.password_change, name='auth_password_change'),
+    url(r'^registration/password/change/done/$', auth_views.password_change_done,
+        name='auth_password_change_done'),
+    url(r'^registration/password/reset/$', auth_views.password_reset, name='auth_password_reset'),
+    url(r'^registration/password/reset/confirm/(?P<uidb36>[0-9A-Za-z]+)-(?P<token>.+)/$',
+        auth_views.password_reset_confirm, name='auth_password_reset_confirm'),
+    url(r'^registration/password/reset/complete/$', auth_views.password_reset_complete,
+        name='auth_password_reset_complete'),
+    url(r'^registration/password/reset/done/$', auth_views.password_reset_done,
+        name='auth_password_reset_done'),
+    url(r'^registration/register/$', register, {'form_class': RegistrationFormUniqueUser},
+        name='registration_register'),
+    url(r'^registration/register/complete/$', direct_to_template,
+        {'template': 'registration/registration_complete.html'},
+        name='registration_complete'),
+)
+
 from django.conf import settings
 
 if settings.DEBUG:
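Review bot: The `# Registration URLs` comment does not say why the routes are spelled out here instead of using `include('registration.urls')`, which the earlier urls.py hunk removes. It looks as if the only reason is to pass `form_class` to `register`; if so, the comment should say it, e.g. `# Expanded from registration.urls so register can take RegistrationFormUniqueUser; re-check against upstream when django-registration is upgraded.` Without that, a later cleanup could restore the include and silently drop the blacklist check from the registration form.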
diff --git a/users/__init__.py b/users/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/users/forms.py b/users/forms.py
new file mode 100644
index 0000000..71c611d
--- /dev/null
+++ b/users/forms.py
@@ -0,0 +1,39 @@
+#
+# Copyright (c) 2009 Brad Taylor <brad getcoded net>
+#
+# This program is free software: you can redistribute it and/or modify it under
+# the terms of the GNU Affero General Public License as published by the Free
+# Software Foundation, either version 3 of the License, or (at your option) any
+# later version.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more
+# details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+from registration.forms import RegistrationFormUniqueEmail
+from django.utils.translation import ugettext_lazy as _
+from django import forms
+
+class RegistrationFormUniqueUser(RegistrationFormUniqueEmail):
+    """
+    Subclass of ``RegistrationFormUniqueEmail`` which verifies usernames
+    against a blacklist.
+    """
+    username_blacklist = ['about', 'accounts', 'admin', 'api', 'blog',
+                          'contact', 'css', 'friends', 'images', 'index.html',
+                          'news', 'notes', 'oauth', 'pony', 'register',
+                          'registration', 'site_media', 'snowy', 'tomboy' ]
+
+    def clean_username(self):
+        """
+        Validate that the user doesn't exist in our blacklist.
+        """
+        username = self.cleaned_data['username']
+        if username in self.username_blacklist:
+            raise forms.ValidationError(_(u'This username has been reserved.  Please choose another.'))
+        return username
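Review bot: `clean_username` replaces the parent's method without calling it, so any username validation inherited through `RegistrationFormUniqueEmail` no longer runs for this form. As far as I recall, django-registration's base form checks there that the name is not already taken. Start from the parent's result instead: `username = super(RegistrationFormUniqueUser, self).clean_username()`. The membership test is also case-sensitive, so `Admin` or `API` gets past a list that holds only lowercase entries; compare with `if username.lower() in self.username_blacklist:`. A comment above `username_blacklist` should also say that the list has to be kept in step with the top-level prefixes in urls.py, because a new prefix added there is not reserved until it is listed here.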


