From ceb9e8cb7c4516c242b0ce67b5a0852af63f9499 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Stefan=20K=C3=B6gl?= <stefan@skoegl.net>
Date: Fri, 12 Sep 2014 18:27:45 +0200
Subject: [PATCH] [Users] fix username pattern and validation

---
 mygpo/api/urls.py                 | 32 ++++++++++++++++----------------
 mygpo/podcastlists/urls.py        | 16 ++++++++--------
 mygpo/publisher/urls.py           |  4 ++--
 mygpo/share/urls.py               |  2 +-
 mygpo/subscriptions/urls.py       |  2 +-
 mygpo/userfeeds/urls.py           |  2 +-
 mygpo/users/views/registration.py |  3 ++-
 mygpo/web/urls.py                 |  4 ++--
 8 files changed, 33 insertions(+), 32 deletions(-)

diff --git a/mygpo/api/urls.py b/mygpo/api/urls.py
index 61c3f951..62a6a5fe 100644
--- a/mygpo/api/urls.py
+++ b/mygpo/api/urls.py
@@ -7,8 +7,8 @@ urlpatterns = patterns('',
 )
 
 urlpatterns += patterns('mygpo.api.simple',
-    (r'^subscriptions/(?P<username>[\w.-]+)/(?P<device_uid>[\w.-]+)\.(?P<format>\w+)', 'subscriptions'),
-    (r'^subscriptions/(?P<username>[\w.-]+)\.(?P<format>\w+)', 'all_subscriptions'),
+    (r'^subscriptions/(?P<username>[\w.+-]+)/(?P<device_uid>[\w.-]+)\.(?P<format>\w+)', 'subscriptions'),
+    (r'^subscriptions/(?P<username>[\w.+-]+)\.(?P<format>\w+)', 'all_subscriptions'),
  url(r'^toplist/(?P<count>\d+)\.(?P<format>\w+)', 'toplist',                   name='toplist-opml'),
     (r'^search\.(?P<format>\w+)', 'search'),
  url(r'^suggestions/(?P<count>\d+)\.(?P<format>\w+)', 'suggestions',           name='suggestions-opml'),
@@ -20,30 +20,30 @@ from mygpo.api.subscriptions import SubscriptionsAPI
 from mygpo.api.advanced.updates import DeviceUpdates
 
 urlpatterns += patterns('mygpo.api.advanced',
- url(r'^api/(?P<version>[12])/subscriptions/(?P<username>[\w.-]+)/(?P<device_uid>[\w.-]+)\.json',
+ url(r'^api/(?P<version>[12])/subscriptions/(?P<username>[\w.+-]+)/(?P<device_uid>[\w.-]+)\.json',
      SubscriptionsAPI.as_view(), name='subscriptions-api'),
 
- url(r'^api/(?P<version>[12])/episodes/(?P<username>[\w.-]+)\.json', 'episodes'),
-    (r'^api/[12]/devices/(?P<username>[\w.-]+)/(?P<device_uid>[\w.-]+)\.json', 'device'),
-    (r'^api/[12]/devices/(?P<username>[\w.-]+)\.json', 'devices'),
+ url(r'^api/(?P<version>[12])/episodes/(?P<username>[\w.+-]+)\.json', 'episodes'),
+    (r'^api/[12]/devices/(?P<username>[\w.+-]+)/(?P<device_uid>[\w.-]+)\.json', 'device'),
+    (r'^api/[12]/devices/(?P<username>[\w.+-]+)\.json', 'devices'),
 
-    (r'^api/2/auth/(?P<username>[\w.-]+)/login\.json', 'auth.login'),
-    (r'^api/2/auth/(?P<username>[\w.-]+)/logout\.json', 'auth.logout'),
+    (r'^api/2/auth/(?P<username>[\w.+-]+)/login\.json', 'auth.login'),
+    (r'^api/2/auth/(?P<username>[\w.+-]+)/logout\.json', 'auth.logout'),
     (r'^api/2/tags/(?P<count>\d+)\.json', 'directory.top_tags'),
     (r'^api/2/tag/(?P<tag>[^/]+)/(?P<count>\d+)\.json', 'directory.tag_podcasts'),
     (r'^api/2/data/podcast\.json', 'directory.podcast_info'),
  url(r'^api/2/data/episode\.json', 'directory.episode_info', name='api-episode-info'),
 
-    (r'^api/2/chapters/(?P<username>[\w.-]+)\.json', 'episode.chapters'),
-    (r'^api/2/updates/(?P<username>[\w.-]+)/(?P<device_uid>[\w.-]+)\.json',
+    (r'^api/2/chapters/(?P<username>[\w.+-]+)\.json', 'episode.chapters'),
+    (r'^api/2/updates/(?P<username>[\w.+-]+)/(?P<device_uid>[\w.-]+)\.json',
         DeviceUpdates.as_view()),
 
-    (r'^api/2/settings/(?P<username>[\w.-]+)/(?P<scope>account|device|podcast|episode)\.json', 'settings.main'),
-    (r'^api/2/favorites/(?P<username>[\w.-]+).json', 'favorites'),
+    (r'^api/2/settings/(?P<username>[\w.+-]+)/(?P<scope>account|device|podcast|episode)\.json', 'settings.main'),
+    (r'^api/2/favorites/(?P<username>[\w.+-]+).json', 'favorites'),
 
-    (r'^api/2/lists/(?P<username>[\w.-]+)/create\.(?P<format>\w+)', 'lists.create'),
-    (r'^api/2/lists/(?P<username>[\w.-]+)\.json',                   'lists.get_lists'),
- url(r'^api/2/lists/(?P<username>[\w.-]+)/list/(?P<listname>[\w-]+)\.(?P<format>\w+)', 'lists.podcast_list', name='api-get-list'),
+    (r'^api/2/lists/(?P<username>[\w.+-]+)/create\.(?P<format>\w+)', 'lists.create'),
+    (r'^api/2/lists/(?P<username>[\w.+-]+)\.json',                   'lists.get_lists'),
+ url(r'^api/2/lists/(?P<username>[\w.+-]+)/list/(?P<listname>[\w-]+)\.(?P<format>\w+)', 'lists.podcast_list', name='api-get-list'),
 
-    (r'^api/2/sync-devices/(?P<username>\w+)\.json', 'sync.main'),
+    (r'^api/2/sync-devices/(?P<username>[\w.+-]+)\.json', 'sync.main'),
 )
diff --git a/mygpo/podcastlists/urls.py b/mygpo/podcastlists/urls.py
index 963efd0f..9a3ab1aa 100644
--- a/mygpo/podcastlists/urls.py
+++ b/mygpo/podcastlists/urls.py
@@ -11,35 +11,35 @@ urlpatterns = [
     views.create_list,
     name='list-create'),
 
- url(r'^user/(?P<username>[\w.-]+)/lists/$',
+ url(r'^user/(?P<username>[\w.+-]+)/lists/$',
     views.lists_user,
     name='lists-user'),
 
- url(r'^user/(?P<username>[\w.-]+)/list/(?P<slug>[\w-]+)$',
+ url(r'^user/(?P<username>[\w.+-]+)/list/(?P<slug>[\w-]+)$',
     views.list_show,
     name='list-show'),
 
- url(r'^user/(?P<username>[\w.-]+)/list/(?P<slug>[\w-]+)\.opml$',
+ url(r'^user/(?P<username>[\w.+-]+)/list/(?P<slug>[\w-]+)\.opml$',
     views.list_opml,
     name='list-opml'),
 
- url(r'^user/(?P<username>[\w.-]+)/list/(?P<slug>[\w-]+)/search$',
+ url(r'^user/(?P<username>[\w.+-]+)/list/(?P<slug>[\w-]+)/search$',
     views.search,
     name='list-search'),
 
- url(r'^user/(?P<username>[\w.-]+)/list/(?P<slug>[\w-]+)/add/(?P<podcast_id>\w+)$',
+ url(r'^user/(?P<username>[\w.+-]+)/list/(?P<slug>[\w-]+)/add/(?P<podcast_id>\w+)$',
     views.add_podcast,
     name='list-add-podcast'),
 
- url(r'^user/(?P<username>[\w.-]+)/list/(?P<slug>[\w-]+)/remove/(?P<order>\d+)$',
+ url(r'^user/(?P<username>[\w.+-]+)/list/(?P<slug>[\w-]+)/remove/(?P<order>\d+)$',
     views.remove_podcast,
     name='list-remove-podcast'),
 
- url(r'^user/(?P<username>[\w.-]+)/list/(?P<slug>[\w-]+)/delete$',
+ url(r'^user/(?P<username>[\w.+-]+)/list/(?P<slug>[\w-]+)/delete$',
     views.delete_list,
     name='list-delete'),
 
- url(r'^user/(?P<username>[\w.-]+)/list/(?P<slug>[\w-]+)/rate$',
+ url(r'^user/(?P<username>[\w.+-]+)/list/(?P<slug>[\w-]+)/rate$',
     views.rate_list,
     name='list-rate'),
 ]
diff --git a/mygpo/publisher/urls.py b/mygpo/publisher/urls.py
index 2c6f22ee..7b646d45 100644
--- a/mygpo/publisher/urls.py
+++ b/mygpo/publisher/urls.py
@@ -2,8 +2,8 @@ from django.conf.urls import *
 
 urlpatterns = patterns('mygpo.publisher.views',
  url(r'^$',                             'home',                        name='publisher'),
- url(r'^(?P<username>[\w.-]+)/update$', 'update_published_podcasts',   name='publisher-update'),
- url(r'^(?P<username>[\w.-]+)/update-token', 'new_update_token',       name='publisher-new-update-token'),
+ url(r'^(?P<username>[\w.+-]+)/update$', 'update_published_podcasts',   name='publisher-update'),
+ url(r'^(?P<username>[\w.+-]+)/update-token', 'new_update_token',       name='publisher-new-update-token'),
 
  url(r'^podcast/(?P<slug>[\w-]+)/$',
       'podcast_slug',            name='podcast-publisher-detail-slug'),
diff --git a/mygpo/share/urls.py b/mygpo/share/urls.py
index e32967ff..1597833e 100644
--- a/mygpo/share/urls.py
+++ b/mygpo/share/urls.py
@@ -61,5 +61,5 @@ urlpatterns = patterns('mygpo.share.views',
 )
 
 urlpatterns += patterns('mygpo.share.userpage',
- url(r'^user/(?P<username>[\w.-]+)/?$', UserpageView.as_view(), name='user'),
+ url(r'^user/(?P<username>[\w.+-]+)/?$', UserpageView.as_view(), name='user'),
  )
diff --git a/mygpo/subscriptions/urls.py b/mygpo/subscriptions/urls.py
index 4098b04d..d765e78b 100644
--- a/mygpo/subscriptions/urls.py
+++ b/mygpo/subscriptions/urls.py
@@ -9,7 +9,7 @@ urlpatterns = [
      'mygpo.subscriptions.views.download_all',
      name='subscriptions-opml'),
 
- url(r'^user/(?P<username>[\w.-]+)/subscriptions/rss/$',
+ url(r'^user/(?P<username>[\w.+-]+)/subscriptions/rss/$',
      'mygpo.subscriptions.views.subscriptions_feed',
      name='shared-subscriptions-rss'),
 ]
diff --git a/mygpo/userfeeds/urls.py b/mygpo/userfeeds/urls.py
index c30316d4..4f18b56f 100644
--- a/mygpo/userfeeds/urls.py
+++ b/mygpo/userfeeds/urls.py
@@ -1,5 +1,5 @@
 from django.conf.urls import *
 
 urlpatterns = patterns('mygpo.userfeeds.views',
- url(r'^user/(?P<username>[\w.-]+)/favorites.xml$', 'favorite_feed', name='favorites-feed'),
+ url(r'^user/(?P<username>[\w.+-]+)/favorites.xml$', 'favorite_feed', name='favorites-feed'),
 )
diff --git a/mygpo/users/views/registration.py b/mygpo/users/views/registration.py
index 8f222eab..5a56763d 100644
--- a/mygpo/users/views/registration.py
+++ b/mygpo/users/views/registration.py
@@ -21,7 +21,7 @@ from mygpo.users.models import UserProxy
 
 USERNAME_MAXLEN = get_user_model()._meta.get_field('username').max_length
 
-USERNAME_REGEX = re.compile(r'\w[\w.-]{2,}')
+USERNAME_REGEX = re.compile(r'^\w[\w.+-]*$')
 
 
 class UsernameValidator(RegexValidator):
@@ -77,6 +77,7 @@ class RegistrationView(FormView):
         user.email = form.cleaned_data['email']
         user.set_password(form.cleaned_data['password1'])
         user.is_active = False
+        user.full_clean()
         user.save()
 
         user.profile.uuid == uuid.uuid1()
diff --git a/mygpo/web/urls.py b/mygpo/web/urls.py
index 71f50612..a245e109 100644
--- a/mygpo/web/urls.py
+++ b/mygpo/web/urls.py
@@ -29,8 +29,8 @@ urlpatterns = patterns('mygpo.web.views',
 )
 
 urlpatterns += patterns('mygpo.web.views.subscriptions',
- url(r'^user/(?P<username>[\w.-]+)/subscriptions$',                   'for_user',      name='shared-subscriptions'),
- url(r'^user/(?P<username>[\w.-]+)/subscriptions\.opml$',             'for_user_opml', name='shared-subscriptions-opml'),
+ url(r'^user/(?P<username>[\w.+-]+)/subscriptions$',                   'for_user',      name='shared-subscriptions'),
+ url(r'^user/(?P<username>[\w.+-]+)/subscriptions\.opml$',             'for_user_opml', name='shared-subscriptions-opml'),
 )
 
 urlpatterns += patterns('mygpo.web.views.podcast',
-- 
2.11.4.GIT