From 364902bc3f3b33c2b36bb0c2644e931aeeaeb381 Mon Sep 17 00:00:00 2001
From: Enzo Zuccolotto <enzozuccolotto@gmail.com>
Date: Wed, 8 Apr 2015 21:51:43 -0300
Subject: Validates username before request user creation on leap server

-- Issue #147

@anikarni and @enzoz pairing
---
 service/pixelated/config/register.py | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'service/pixelated')

diff --git a/service/pixelated/config/register.py b/service/pixelated/config/register.py
index 3f93aa8d..5e5d94a8 100644
--- a/service/pixelated/config/register.py
+++ b/service/pixelated/config/register.py
@@ -13,6 +13,7 @@
 #
 # You should have received a copy of the GNU Affero General Public License
 # along with Pixelated. If not, see <http://www.gnu.org/licenses/>.
+import re
 
 from pixelated.bitmask_libraries.leap_srp import LeapAuthException
 from pixelated.bitmask_libraries.register import register_new_user
@@ -20,6 +21,15 @@ from pixelated.bitmask_libraries.register import register_new_user
 
 def register(username, server_name):
     try:
+        validate_username(username)
         register_new_user(username, server_name)
     except LeapAuthException:
         print('User already exists')
+    except ValueError:
+        print('Only lowercase letters, digits, . - and _ allowed.')
+
+
+def validate_username(username):
+    accepted_characters = '^[a-z0-9\-\_]*$'
+    if not re.match(accepted_characters, username):
+        raise ValueError
-- 
cgit v1.2.3