From 04b45c8a76c44e81a44f096af9a96a1d039a7d0a Mon Sep 17 00:00:00 2001 From: bohare Date: Thu, 9 Mar 2017 16:44:21 +0000 Subject: [PATCH] Fix #946: Make usernames case insensitive --- cadasta/accounts/forms.py | 9 ++- cadasta/accounts/serializers.py | 4 ++ cadasta/accounts/tests/test_forms.py | 75 ++++++++++++++++++++-- cadasta/accounts/tests/test_serializers.py | 38 +++++++++++ cadasta/accounts/validators.py | 12 ++++ 5 files changed, 127 insertions(+), 11 deletions(-) diff --git a/cadasta/accounts/forms.py b/cadasta/accounts/forms.py index fde9ff6d9..d6898b283 100644 --- a/cadasta/accounts/forms.py +++ b/cadasta/accounts/forms.py @@ -6,6 +6,7 @@ from allauth.account import forms as allauth_forms from .models import User, now_plus_48_hours +from .validators import check_username_case_insensitive from parsley.decorators import parsleyfy @@ -23,6 +24,7 @@ class Meta: def clean_username(self): username = self.data.get('username') + check_username_case_insensitive(username) if username.lower() in settings.CADASTA_INVALID_ENTITY_NAMES: raise forms.ValidationError( _("Username cannot be “add” or “new”.")) @@ -76,10 +78,8 @@ def __init__(self, *args, **kwargs): def clean_username(self): username = self.data.get('username') - if (self.instance.username != username and - User.objects.filter(username=username).exists()): - raise forms.ValidationError( - _("Another user with this username already exists")) + if self.instance.username.casefold() != username.casefold(): + check_username_case_insensitive(username) if username.lower() in settings.CADASTA_INVALID_ENTITY_NAMES: raise forms.ValidationError( _("Username cannot be “add” or “new”.")) @@ -102,7 +102,6 @@ def clean_email(self): def save(self, *args, **kwargs): user = super().save(commit=False, *args, **kwargs) - if self._send_confirmation: send_email_confirmation(self.request, user) self._send_confirmation = False diff --git a/cadasta/accounts/serializers.py b/cadasta/accounts/serializers.py index 744701cce..31a2568e4 100644 --- a/cadasta/accounts/serializers.py +++ b/cadasta/accounts/serializers.py @@ -8,6 +8,7 @@ from djoser import serializers as djoser_serializers from .models import User +from .validators import check_username_case_insensitive from .exceptions import EmailNotVerifiedError @@ -35,6 +36,7 @@ class Meta: } def validate_username(self, username): + check_username_case_insensitive(username) if username.lower() in settings.CADASTA_INVALID_ENTITY_NAMES: raise ValidationError( _("Username cannot be “add” or “new”.")) @@ -90,6 +92,8 @@ def validate_username(self, username): username != instance.username and self.context['request'].user != instance): raise ValidationError('Cannot update username') + if instance.username.casefold() != username.casefold(): + check_username_case_insensitive(username) if username.lower() in settings.CADASTA_INVALID_ENTITY_NAMES: raise ValidationError( _("Username cannot be “add” or “new”.")) diff --git a/cadasta/accounts/tests/test_forms.py b/cadasta/accounts/tests/test_forms.py index 6de5bb372..45c53c2e6 100644 --- a/cadasta/accounts/tests/test_forms.py +++ b/cadasta/accounts/tests/test_forms.py @@ -1,18 +1,17 @@ import random -from django.utils.translation import gettext as _ -from django.test import TestCase +from core.tests.utils.cases import UserTestCase +from django.contrib.messages.storage.fallback import FallbackStorage from django.core import mail from django.http import HttpRequest -from django.contrib.messages.storage.fallback import FallbackStorage from django.db import IntegrityError from allauth.account.models import EmailAddress from allauth.account.utils import send_email_confirmation +from django.test import TestCase +from django.utils.translation import gettext as _ -from ..models import User from .. import forms -from core.tests.utils.cases import UserTestCase - +from ..models import User from .factories import UserFactory @@ -34,6 +33,37 @@ def test_valid_data(self): user = User.objects.first() assert user.check_password('iloveyoko79!') is True + def test_case_insensitive_username(self): + chars = ['', 'İ', 'É', 'Ø', 'œ', 'ß', 'ss', 'Ξ', 'ф', '大家好'] + usernames = ['UsEr%s' % c for c in chars] + users = [ + UserFactory.create(username=username) for username in usernames] + for user in users: + data = { + 'username': user.username.lower(), + 'email': '%s@beatles.uk' % user.username, + 'password1': 'iloveyoko79!', + 'password2': 'iloveyoko79!', + 'full_name': 'John Lennon', + } + form = forms.RegisterForm(data) + assert form.is_valid() is False + assert (_("A user with that username already exists") in + form.errors.get('username')) + + user = UserFactory.create(username='JohNlEnNoN') + data = { + 'username': 'johnLennon', + 'email': 'john@beatles.uk', + 'password1': 'iloveyoko79!', + 'password2': 'iloveyoko79!', + 'full_name': 'John Lennon', + } + form = forms.RegisterForm(data) + assert form.is_valid() is False + assert (_("A user with that username already exists") in + form.errors.get('username')) + def test_passwords_do_not_match(self): data = { 'username': 'imagine71', @@ -259,6 +289,39 @@ def test_update_user_with_existing_username(self): form = forms.ProfileForm(data, instance=user) assert form.is_valid() is False + def test_case_insensitive_username(self): + existing_user = UserFactory.create(username='TestUser') + chars = ['', 'İ', 'É', 'Ø', 'œ', 'ß', 'ss', 'Ξ', 'ф', '大家好'] + usernames = ['UsEr%s' % c for c in chars] + users = [ + UserFactory.create(username=username) for username in usernames] + for user in users: + data = { + 'username': user.username.lower(), + 'email': '%s@beatles.uk' % user.username, + 'full_name': 'John Lennon', + } + form = forms.ProfileForm(data, instance=existing_user) + assert form.is_valid() is False + assert (_("A user with that username already exists") in + form.errors.get('username')) + existing_user.refresh_from_db() + assert existing_user.username == 'TestUser' + + user = UserFactory.create( + username='JohNlEnNoN', email='john@beatles.uk') + data = { + 'username': 'johnLennon', + 'email': 'john@beatles.uk', + 'full_name': 'John Lennon', + } + form = forms.ProfileForm(data, instance=user) + assert form.is_valid() is True + form.save() + + user.refresh_from_db() + assert user.username == 'johnLennon' + def test_update_user_with_existing_email(self): UserFactory.create(email='existing@example.com') user = UserFactory.create(username='imagine71', diff --git a/cadasta/accounts/tests/test_serializers.py b/cadasta/accounts/tests/test_serializers.py index d13a32a82..548511f24 100644 --- a/cadasta/accounts/tests/test_serializers.py +++ b/cadasta/accounts/tests/test_serializers.py @@ -41,6 +41,24 @@ def test_create_with_valid_data(self): assert user_obj.is_active assert not user_obj.email_verified + def test_case_insensitive_username(self): + usernames = ['UsErOne', 'useRtWo', 'uSERthReE'] + users = [ + UserFactory.create(username=username) for username in usernames] + for user in users: + TEST_DATA = BASIC_TEST_DATA.copy() + TEST_DATA['username'] = user.username.lower() + serializer = serializers.RegistrationSerializer(data=TEST_DATA) + assert serializer.is_valid() is False + assert (_("A user with that username already exists") + in serializer._errors['username']) + TEST_DATA = BASIC_TEST_DATA.copy() + TEST_DATA['username'] = 'userFour' + serializer = serializers.RegistrationSerializer(data=TEST_DATA) + assert serializer.is_valid() + serializer.save() + assert User.objects.count() == 4 + def test_create_without_email(self): """Serialiser should be invalid when no email address is provided.""" @@ -221,6 +239,26 @@ def test_update_username_fails(self): assert not serializer2.is_valid() assert serializer2.errors['username'] == ['Cannot update username'] + def test_case_insensitive_username(self): + data = { + 'username': 'USERtwO', + 'email': 'john@beatles.uk', + 'password': 'iloveyoko79', + 'full_name': 'John Lennon' + } + usernames = ['UsErOne', 'useRtWo', 'uSERthReE'] + users = [ + UserFactory.create(username=username) for username in usernames] + request = APIRequestFactory().patch( + '/user/userone', data) + force_authenticate(request, user=users[0]) + serializer = serializers.UserSerializer( + users[0], data, context={'request': Request(request)}) + assert serializer.is_valid() is False + assert serializer.errors['username'] == [ + _("A user with that username already exists") + ] + def test_update_last_login_fails(self): serializer = serializers.UserSerializer(data=BASIC_TEST_DATA) assert serializer.is_valid() diff --git a/cadasta/accounts/validators.py b/cadasta/accounts/validators.py index 2d90cb741..a377fecd7 100644 --- a/cadasta/accounts/validators.py +++ b/cadasta/accounts/validators.py @@ -2,6 +2,7 @@ from django.core.exceptions import ValidationError from django.utils.translation import ugettext as _ +from .models import User DEFAULT_CHARACTER_TYPES = [ string.ascii_lowercase, @@ -47,3 +48,14 @@ def validate(self, password, user=None): if len(email[0]) and email[0].casefold() in password.casefold(): raise ValidationError( _("Passwords cannot contain your email.")) + + +def check_username_case_insensitive(username): + usernames = [ + u.casefold() for u in + User.objects.values_list('username', flat=True) + ] + if username.casefold() in usernames: + raise ValidationError( + _("A user with that username already exists") + )