Merge pull request #817 from Gluejar/username-screening

add username screening

libraryauth/admin.py

@@ -1,5 +1,5 @@
 from django import forms
-from django.contrib.admin import ModelAdmin, site
+from django.contrib.admin import ModelAdmin, site, register
 from django.contrib.auth.models import User
 
 from selectable.base import ModelLookup
@@ -30,25 +30,27 @@ class LibraryAdminForm(forms.ModelForm):
         widgets = {'group':forms.HiddenInput}
         exclude = ('group', )
 
-
+@register(models.Library)
 class LibraryAdmin(ModelAdmin):
     list_display = ('user', )
     form = LibraryAdminForm
     search_fields = ['user__username']
 
+@register(models.Block)
 class BlockAdmin(ModelAdmin):
     list_display = ('library', 'lower', 'upper',)
     search_fields = ('library__name', 'lower', 'upper',)
 
+@register(models.CardPattern)
 class CardPatternAdmin(ModelAdmin):
     list_display = ('library', 'pattern', 'checksum',)
     search_fields = ('library__name', )
 
+@register(models.EmailPattern)
 class EmailPatternAdmin(ModelAdmin):
     list_display = ('library', 'pattern', )
     search_fields = ('library__name',)
 
-site.register(models.Library, LibraryAdmin)
+@register(models.BadUsernamePattern)
-site.register(models.Block, BlockAdmin)
+class EmailPatternAdmin(ModelAdmin):
-site.register(models.CardPattern, CardPatternAdmin)
+    list_display = ('pattern', 'last')
-site.register(models.EmailPattern, EmailPatternAdmin)

libraryauth/migrations/0003_badusernamepattern.py

@@ -0,0 +1,24 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.11.14 on 2018-12-06 17:32
+from __future__ import unicode_literals
+
+from django.db import migrations, models
+import django.utils.timezone
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('libraryauth', '0002_auto_20160727_2214'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='BadUsernamePattern',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('pattern', models.CharField(max_length=100)),
+                ('last', models.DateTimeField(default=django.utils.timezone.now)),
+            ],
+        ),
+    ]

libraryauth/models.py

@@ -10,6 +10,7 @@ from django.db import models
 from django.db.models.signals import post_save
 from django.forms import GenericIPAddressField as BaseIPAddressField
 from django.urls import reverse
+from django.utils import timezone 
 
 class Library(models.Model):
     '''
@@ -291,3 +292,13 @@ class EmailPattern(models.Model):
 
     def is_valid(self, email):
         return email.lower().endswith(self.pattern.lower())
+        
+class BadUsernamePattern(models.Model):
+    pattern = models.CharField(max_length=100)
+    last = models.DateTimeField(default=timezone.now)
+    
+    def matches(self, username):
+        if re.match(self.pattern, username):
+            self.last = timezone.now()
+            return True
+        return False

libraryauth/views.py

@@ -1,7 +1,7 @@
 import logging
 from django.conf import settings
 from django.urls import reverse
-from django.shortcuts import get_object_or_404, render
+from django.shortcuts import get_object_or_404, redirect, render
 from django.contrib.auth import login as login_to_user
 from django.contrib.auth import load_backend
 from django.contrib.auth.decorators import login_required
@@ -15,7 +15,7 @@ from django.views.generic.edit import CreateView, UpdateView
 from registration.backends.model_activation.views import RegistrationView
 
 from . import backends
-from .models import Library
+from .models import Library, BadUsernamePattern
 from .forms import LibraryForm, NewLibraryForm, RegistrationFormNoDisposableEmail, UserData
 
 logger = logging.getLogger(__name__)
@@ -288,6 +288,15 @@ class CustomRegistrationView(RegistrationView):
         q = self.request.session.get('q', False)
         if q and q in robot_qs:
             return self.render_to_response({'form':form})
+        for bad_pattern in BadUsernamePattern.objects.all():
+            if bad_pattern.matches(form.cleaned_data['username']):                
+                # pretend success
+                success_url = self.get_success_url(None)
+                try:
+                    to, args, kwargs = success_url
+                    return redirect(to, *args, **kwargs)
+                except ValueError:
+                    return redirect(success_url)
         return super(CustomRegistrationView, self).form_valid(form)
 
 def edit_user(request, redirect_to=None):