5 files changed, 52 insertions, 16 deletions
diff --git a/changes/bug-5695_fix-username-regex-support b/changes/bug-5695_fix-username-regex-support
new file mode 100644
index 00000000..855ec149
--- /dev/null
+++ b/changes/bug-5695_fix-username-regex-support
@@ -0,0 +1,3 @@
+- Update username regex to support the same as webapp. Closes #5965.
+- Wrong error message for username too short. (Bug #5697)
+- Cleanup and refactor username/password validators.
diff --git a/src/leap/bitmask/gui/login.py b/src/leap/bitmask/gui/login.py
index ac7ad878..f66e71d9 100644
--- a/src/leap/bitmask/gui/login.py
+++ b/src/leap/bitmask/gui/login.py
@@ -24,6 +24,7 @@ from ui_login import Ui_LoginWidget
 
 from leap.bitmask.config import flags
 from leap.bitmask.util import make_address
+from leap.bitmask.util.credentials import USERNAME_REGEX
 from leap.bitmask.util.keyring_helpers import has_keyring
 from leap.bitmask.util.keyring_helpers import get_keyring
 from leap.common.check import leap_assert_type
@@ -48,8 +49,6 @@ class LoginWidget(QtGui.QWidget):
 
     MAX_STATUS_WIDTH = 40
 
-    BARE_USERNAME_REGEX = r"^[A-Za-z\d_]+$"
-
     # Keyring
     KEYRING_KEY = "bitmask"
 
@@ -87,7 +86,7 @@ class LoginWidget(QtGui.QWidget):
         self.ui.btnLogout.clicked.connect(
             self.logout)
 
-        username_re = QtCore.QRegExp(self.BARE_USERNAME_REGEX)
+        username_re = QtCore.QRegExp(USERNAME_REGEX)
         self.ui.lnUser.setValidator(
             QtGui.QRegExpValidator(username_re, self))
 
diff --git a/src/leap/bitmask/gui/preferenceswindow.py b/src/leap/bitmask/gui/preferenceswindow.py
index 47011a85..0a4c7f56 100644
--- a/src/leap/bitmask/gui/preferenceswindow.py
+++ b/src/leap/bitmask/gui/preferenceswindow.py
@@ -27,7 +27,7 @@ from PySide import QtCore, QtGui
 from leap.bitmask.provider import get_provider_path
 from leap.bitmask.config.leapsettings import LeapSettings
 from leap.bitmask.gui.ui_preferences import Ui_Preferences
-from leap.bitmask.util.password import basic_password_checks
+from leap.bitmask.util.credentials import password_checks
 from leap.bitmask.services import get_supported
 from leap.bitmask.config.providerconfig import ProviderConfig
 from leap.bitmask.services import get_service_display_name, MX_SERVICE
@@ -198,7 +198,7 @@ class PreferencesWindow(QtGui.QDialog):
         new_password = self.ui.leNewPassword.text()
         new_password2 = self.ui.leNewPassword2.text()
 
-        ok, msg = basic_password_checks(username, new_password, new_password2)
+        ok, msg = password_checks(username, new_password, new_password2)
 
         if not ok:
             self._set_changing_password(False)
diff --git a/src/leap/bitmask/gui/wizard.py b/src/leap/bitmask/gui/wizard.py
index 316b2bff..ce45b431 100644
--- a/src/leap/bitmask/gui/wizard.py
+++ b/src/leap/bitmask/gui/wizard.py
@@ -29,8 +29,9 @@ from leap.bitmask.config.leapsettings import LeapSettings
 from leap.bitmask.config.providerconfig import ProviderConfig
 from leap.bitmask.provider import get_provider_path
 from leap.bitmask.services import get_service_display_name, get_supported
+from leap.bitmask.util.credentials import password_checks, username_checks
+from leap.bitmask.util.credentials import USERNAME_REGEX
 from leap.bitmask.util.keyring_helpers import has_keyring
-from leap.bitmask.util.password import basic_password_checks
 
 from ui_wizard import Ui_Wizard
 
@@ -49,8 +50,6 @@ class Wizard(QtGui.QWizard):
     REGISTER_USER_PAGE = 4
     SERVICES_PAGE = 5
 
-    BARE_USERNAME_REGEX = r"^[A-Za-z\d_]+$"
-
     def __init__(self, backend, bypass_checks=False):
         """
         Constructor for the main Wizard.
@@ -118,7 +117,7 @@ class Wizard(QtGui.QWizard):
 
         self.ui.rbExistingProvider.toggled.connect(self._skip_provider_checks)
 
-        usernameRe = QtCore.QRegExp(self.BARE_USERNAME_REGEX)
+        usernameRe = QtCore.QRegExp(USERNAME_REGEX)
         self.ui.lblUser.setValidator(
             QtGui.QRegExpValidator(usernameRe, self))
 
@@ -231,6 +230,12 @@ class Wizard(QtGui.QWizard):
         if reset:
             self._reset_provider_check()
 
+    def _focus_username(self):
+        """
+        Focus at the username lineedit for the registration page
+        """
+        self.ui.lblUser.setFocus()
+
     def _focus_password(self):
         """
         Focuses at the password lineedit for the registration page
@@ -253,16 +258,22 @@ class Wizard(QtGui.QWizard):
         password = self.ui.lblPassword.text()
         password2 = self.ui.lblPassword2.text()
 
-        ok, msg = basic_password_checks(username, password, password2)
-        if ok:
+        user_ok, msg = username_checks(username)
+        if user_ok:
+            pass_ok, msg = password_checks(username, password, password2)
+
+        if user_ok and pass_ok:
             self._set_register_status(self.tr("Starting registration..."))
 
             self._backend.user_register(self._domain, username, password)
             self._username = username
             self._password = password
         else:
+            if user_ok:
+                self._focus_password()
+            else:
+                self._focus_username()
             self._set_register_status(msg, error=True)
-            self._focus_password()
             self.ui.btnRegister.setEnabled(True)
 
     def _set_registration_fields_visibility(self, visible):
diff --git a/src/leap/bitmask/util/password.py b/src/leap/bitmask/util/credentials.py
index 73659f0d..a661bfb0 100644
--- a/src/leap/bitmask/util/password.py
+++ b/src/leap/bitmask/util/credentials.py
@@ -1,5 +1,5 @@
 # -*- coding: utf-8 -*-
-# password.py
+# credentials.py
 # Copyright (C) 2013 LEAP
 #
 # This program is free software: you can redistribute it and/or modify
@@ -16,14 +16,34 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 """
-Password utilities
+Credentials utilities
 """
-from PySide import QtCore
+from PySide import QtCore, QtGui
 
 WEAK_PASSWORDS = ("123456", "qweasd", "qwerty", "password")
+USERNAME_REGEX = r"^[A-Za-z][A-Za-z\d_\-\.]+[A-Za-z]$"
 
+USERNAME_VALIDATOR = QtGui.QRegExpValidator(QtCore.QRegExp(USERNAME_REGEX))
 
-def basic_password_checks(username, password, password2):
+
+def username_checks(username):
+    # translation helper
+    _tr = QtCore.QObject().tr
+
+    message = None
+
+    if message is None and len(username) < 2:
+        message = _tr("Username must have at least 2 characters")
+
+    valid = USERNAME_VALIDATOR.validate(username, 0)
+    valid_username = valid[0] == QtGui.QValidator.State.Acceptable
+    if message is None and not valid_username:
+        message = _tr("Invalid username")
+
+    return message is None, message
+
+
+def password_checks(username, password, password2):
     """
     Performs basic password checks to avoid really easy passwords.
 
@@ -46,6 +66,9 @@ def basic_password_checks(username, password, password2):
     if message is None and password != password2:
         message = _tr("Passwords don't match")
 
+    if message is None and not password:
+        message = _tr("You can't use an empty password")
+
     if message is None and len(password) < 6:
         message = _tr("Password too short")