From f977b8ee3e46b3b3ead86d08b3ef6298a4b430b9 Mon Sep 17 00:00:00 2001
From: Marian Sigler <m@qjym.de>
Date: Fri, 5 Oct 2012 22:09:57 +0200
Subject: Disallow usernames starting with admin or root. Allow digits.

---
 forms.py | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

(limited to 'forms.py')

diff --git a/forms.py b/forms.py
index a65d45c..bbdfabe 100644
--- a/forms.py
+++ b/forms.py
@@ -4,7 +4,7 @@ from flask import g, current_app, session, url_for, Markup
 from flask.ext.wtf import Form, validators, TextField, PasswordField,\
                           ValidationError, BooleanField
 from functools import partial
-from utils import _username_re, decrypt_password
+from utils import _username_re, _username_exclude_re, decrypt_password, NotRegexp
 
 
 username = partial(TextField, 'Benutzername', [validators.Regexp(_username_re,
@@ -12,7 +12,11 @@ username = partial(TextField, 'Benutzername', [validators.Regexp(_username_re,
 
 
 class RegisterForm(Form):
-    username = username()
+    username = TextField('Benutzername', [
+        validators.Regexp(_username_re, message=u'Benutzername darf nur aus '
+            u'a-z, Zahlen und - bestehen (2-16 Zeichen, am Anfang nur a-z).'),
+        NotRegexp(_username_exclude_re, message=u'Dieser Benutzername ist nicht erlaubt.'),
+    ])
     mail = TextField('E-Mail-Adresse', [validators.Email(), validators.Length(min=6, max=50)])
 
     def validate_username(form, field):
@@ -49,7 +53,7 @@ class RegisterCompleteForm(Form):
 
 
 class LoginForm(Form):
-    username = username()
+    username = TextField(u'Benutzername')
     password = PasswordField('Passwort', [validators.Required()])
 
 
-- 
cgit v1.2.3-1-g7c22