From 997fed7eaa5f85ece84658a65589cd099e6176b4 Mon Sep 17 00:00:00 2001
From: Prateek Jain
Date: Sat, 6 Jun 2020 18:09:07 +0530
Subject: [PATCH] Check invalid username from lists in login
---
 securedrop/models.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/securedrop/models.py b/securedrop/models.py
index 56f2397465a..1de595c1609 100644
--- a/securedrop/models.py
+++ b/securedrop/models.py
@@ -663,13 +663,15 @@ def throttle_login(cls, user):
 @classmethod
 def login(cls, username, password, token):
 # type: (str, str, str) -> Journalist
+ invalid_usernames = ['deleted']
+
 try:
 user = Journalist.query.filter_by(username=username).one()
 except NoResultFound:
 raise InvalidUsernameException(
 "invalid username '{}'".format(username))
- if user.username == 'deleted' and user.uuid == 'deleted':
+ if user.username in invalid_usernames and user.uuid in invalid_usernames:
 raise InvalidUsernameException(
 "Invalid username '{}'".format(username))
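Review bot: The rewritten condition tests `user.uuid` against a list named `invalid_usernames`, so once a second entry is added it will match mixed pairs (username equal to one entry, uuid equal to another) and will still admit a reserved username whose uuid is an ordinary value. If the aim is to refuse login for reserved placeholder accounts, the username alone is the stricter guard, `if user.username in invalid_usernames:`; if the uuid has to match as well, compare it with the same entry rather than with the whole list. The list is also local to `login`, so any username validation done elsewhere (not visible in this hunk) cannot share it; a class-level constant such as `INVALID_USERNAMES = ['deleted']` would keep the login check and other checks in step. The body of `login` continues past the end of the hunk.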