Merge pull request #817 from Gluejar/username-screening

add username screening
2018-12-07 15:00:27 -05:00 · 2018-12-07 15:00:27 -05:00 · 0fe102c1ea
parent 9d8b129477 aa12cc75f9
commit 0fe102c1ea
4 changed files with 54 additions and 8 deletions
--- a/libraryauth/admin.py
+++ b/libraryauth/admin.py
@ -1,5 +1,5 @@
 from django import forms
-from django.contrib.admin import ModelAdmin, site
+from django.contrib.admin import ModelAdmin, site, register
 from django.contrib.auth.models import User

 from selectable.base import ModelLookup
@ -30,25 +30,27 @@ class LibraryAdminForm(forms.ModelForm):
        widgets = {'group':forms.HiddenInput}
        exclude = ('group', )

-
+@register(models.Library)
 class LibraryAdmin(ModelAdmin):
    list_display = ('user', )
    form = LibraryAdminForm
    search_fields = ['user__username']

+@register(models.Block)
 class BlockAdmin(ModelAdmin):
    list_display = ('library', 'lower', 'upper',)
    search_fields = ('library__name', 'lower', 'upper',)

+@register(models.CardPattern)
 class CardPatternAdmin(ModelAdmin):
    list_display = ('library', 'pattern', 'checksum',)
    search_fields = ('library__name', )

+@register(models.EmailPattern)
 class EmailPatternAdmin(ModelAdmin):
    list_display = ('library', 'pattern', )
    search_fields = ('library__name',)

-site.register(models.Library, LibraryAdmin)
-site.register(models.Block, BlockAdmin)
-site.register(models.CardPattern, CardPatternAdmin)
-site.register(models.EmailPattern, EmailPatternAdmin)
+@register(models.BadUsernamePattern)
+class EmailPatternAdmin(ModelAdmin):
+    list_display = ('pattern', 'last')
--- a/libraryauth/migrations/0003_badusernamepattern.py
+++ b/libraryauth/migrations/0003_badusernamepattern.py
@ -0,0 +1,24 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.11.14 on 2018-12-06 17:32
+from __future__ import unicode_literals
+
+from django.db import migrations, models
+import django.utils.timezone
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('libraryauth', '0002_auto_20160727_2214'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='BadUsernamePattern',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('pattern', models.CharField(max_length=100)),
+                ('last', models.DateTimeField(default=django.utils.timezone.now)),
+            ],
+        ),
+    ]
--- a/libraryauth/models.py
+++ b/libraryauth/models.py
@ -10,6 +10,7 @@ from django.db import models
 from django.db.models.signals import post_save
 from django.forms import GenericIPAddressField as BaseIPAddressField
 from django.urls import reverse
+from django.utils import timezone 

 class Library(models.Model):
    '''
@ -291,3 +292,13 @@ class EmailPattern(models.Model):

    def is_valid(self, email):
        return email.lower().endswith(self.pattern.lower())
+        
+class BadUsernamePattern(models.Model):
+    pattern = models.CharField(max_length=100)
+    last = models.DateTimeField(default=timezone.now)
+    
+    def matches(self, username):
+        if re.match(self.pattern, username):
+            self.last = timezone.now()
+            return True
+        return False
--- a/libraryauth/views.py
+++ b/libraryauth/views.py
@ -1,7 +1,7 @@
 import logging
 from django.conf import settings
 from django.urls import reverse
-from django.shortcuts import get_object_or_404, render
+from django.shortcuts import get_object_or_404, redirect, render
 from django.contrib.auth import login as login_to_user
 from django.contrib.auth import load_backend
 from django.contrib.auth.decorators import login_required
@ -15,7 +15,7 @@ from django.views.generic.edit import CreateView, UpdateView
 from registration.backends.model_activation.views import RegistrationView

 from . import backends
-from .models import Library
+from .models import Library, BadUsernamePattern
 from .forms import LibraryForm, NewLibraryForm, RegistrationFormNoDisposableEmail, UserData

 logger = logging.getLogger(__name__)
@ -288,6 +288,15 @@ class CustomRegistrationView(RegistrationView):
        q = self.request.session.get('q', False)
        if q and q in robot_qs:
            return self.render_to_response({'form':form})
+        for bad_pattern in BadUsernamePattern.objects.all():
+            if bad_pattern.matches(form.cleaned_data['username']):                
+                # pretend success
+                success_url = self.get_success_url(None)
+                try:
+                    to, args, kwargs = success_url
+                    return redirect(to, *args, **kwargs)
+                except ValueError:
+                    return redirect(success_url)
        return super(CustomRegistrationView, self).form_valid(form)

 def edit_user(request, redirect_to=None):