authorMarian Sigler <m@qjym.de>2012-09-26 23:46:15 +0200
committerMarian Sigler <m@qjym.de>2012-09-26 23:46:15 +0200
commitdfdd6899668bb153bfe992566ec1d11de29f2ad7 (patch)
tree7998631746076a26d75ad4ed1603c65af9bb45c8
parentdfa0c8f473dab87dfa69ebab3a70883dab03b236 (diff)
Implement username blacklist; Don't allow registration with existing usernames.
-rw-r--r--.gitignore2
-rw-r--r--app.py9
-rw-r--r--forms.py18
3 files changed, 28 insertions, 1 deletions
diff --git a/.gitignore b/.gitignore
index 9a102e9..9b19934 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,4 @@
*.pyc
env/
+settings.py
+username_blacklist.txt
diff --git a/app.py b/app.py
index 2b47f53..3785ac8 100644
--- a/app.py
+++ b/app.py
@@ -34,6 +34,15 @@ def ldap_connect():
# we had crap in the session, delete it
logout_user()
+@app.before_request
+def read_blacklist():
+ app.username_blacklist = None
+
+ # use @before_first_request as soon as we require flask 0.8
+ if app.username_blacklist is None and app.config.get('USERNAME_BLACKLIST_FILE'):
+ with open(app.config['USERNAME_BLACKLIST_FILE']) as f:
+ app.username_blacklist = f.read().split('\n')
+
@app.route('/', methods=['GET', 'POST'])
@templated('index.html')
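Review bot: `read_blacklist` assigns `app.username_blacklist = None` as its first statement, so the `is None` guard under it is always true and the blacklist file is reopened and re-read on every request; the initialisation belongs at module level. `f.read().split('\n')` also stores entries exactly as written, including the empty string after a trailing newline and any surrounding whitespace or upper-case letters, while forms.py compares against `field.data.lower()`, so a mixed-case or padded line in the file would never match and that name would stay registrable. A missing or unreadable file raises from `open()` inside the request hook, which would presumably fail every request rather than only registration. The fence sketches loading once and keeping stripped, lower-cased entries in a set.

```python
# module level: initialise once instead of resetting on every request
app.username_blacklist = None

@app.before_request
def read_blacklist():
    # use @before_first_request as soon as we require flask 0.8
    if app.username_blacklist is None and app.config.get('USERNAME_BLACKLIST_FILE'):
        with open(app.config['USERNAME_BLACKLIST_FILE']) as f:
            # normalise the same way the validator normalises its input
            app.username_blacklist = set(
                line.strip().lower() for line in f if line.strip())
```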
diff --git a/forms.py b/forms.py
index b580e2f..063412b 100644
--- a/forms.py
+++ b/forms.py
@@ -1,6 +1,6 @@
# -*- coding: utf-8 -*-
from account import SERVICES, NoSuchUserError
-from flask import g
+from flask import g, current_app, url_for, Markup
from flask.ext.wtf import Form, validators, TextField, PasswordField,\
ValidationError
from functools import partial
@@ -15,6 +15,22 @@ class RegisterForm(Form):
username = username()
mail = TextField('E-Mail-Adresse', [validators.Email(), validators.Length(min=6, max=50)])
+ def validate_username(form, field):
+ try:
+ g.ldap.get_by_uid(field.data)
+ except NoSuchUserError:
+ if current_app.username_blacklist:
+ if field.data.lower() in current_app.username_blacklist:
+
+ raise ValidationError(Markup(u'Dieser Benutzername ist momentan nicht erlaubt. '
+ u'<a href="%s">Weitere Informationen</a>' % url_for('about')))
+ else:
+ print 'not in blacklist: %r' % field.data
+ else:
+ print 'no blacklist'
+ else:
+ raise ValidationError(u'Dieser Benutzername ist schon vergeben')
+
class RegisterCompleteForm(Form):
password = PasswordField('Passwort', [validators.Required(),
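Review bot: The two `print` branches in `validate_username` are debugging output left in the validator; they write every attempted username (`%r` of `field.data`) to stdout on each registration attempt and should be dropped or replaced by `current_app.logger.debug(...)`. In the blacklist error the `%` substitution runs on the plain unicode string before `Markup` wraps it, so the URL is inserted unescaped; `Markup(u'... <a href="%s">Weitere Informationen</a>') % url_for('about')` lets Markup escape the argument. The check compares `field.data.lower()` with the list as loaded in app.py, so it only holds if the file's entries are already lower-case and free of stray whitespace. The `username()` field definition and the rest of `RegisterForm` lie outside the hunk, so which characters can reach this validator cannot be checked here.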