-rw-r--r-- | .gitignore | 2 | ||||
-rw-r--r-- | app.py | 9 | ||||
-rw-r--r-- | forms.py | 18 |
3 files changed, 28 insertions, 1 deletions
@@ -1,2 +1,4 @@ *.pyc env/ +settings.py +username_blacklist.txt @@ -34,6 +34,15 @@ def ldap_connect(): # we had crap in the session, delete it logout_user() +@app.before_request +def read_blacklist(): + app.username_blacklist = None + + # use @before_first_request as soon as we require flask 0.8 + if app.username_blacklist is None and app.config.get('USERNAME_BLACKLIST_FILE'): + with open(app.config['USERNAME_BLACKLIST_FILE']) as f: + app.username_blacklist = f.read().split('\n') + @app.route('/', methods=['GET', 'POST']) @templated('index.html') @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- from account import SERVICES, NoSuchUserError -from flask import g +from flask import g, current_app, url_for, Markup from flask.ext.wtf import Form, validators, TextField, PasswordField,\ ValidationError from functools import partial @@ -15,6 +15,22 @@ class RegisterForm(Form): username = username() mail = TextField('E-Mail-Adresse', [validators.Email(), validators.Length(min=6, max=50)]) + def validate_username(form, field): + try: + g.ldap.get_by_uid(field.data) + except NoSuchUserError: + if current_app.username_blacklist: + if field.data.lower() in current_app.username_blacklist: + + raise ValidationError(Markup(u'Dieser Benutzername ist momentan nicht erlaubt. ' + u'<a href="%s">Weitere Informationen</a>' % url_for('about'))) + else: + print 'not in blacklist: %r' % field.data + else: + print 'no blacklist' + else: + raise ValidationError(u'Dieser Benutzername ist schon vergeben') + class RegisterCompleteForm(Form): password = PasswordField('Passwort', [validators.Required(), |
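Review bot: Entries loaded in `read_blacklist` are kept exactly as written by `f.read().split('\n')`, while forms.py compares them against `field.data.lower()`, so a blacklist line containing an uppercase letter, trailing whitespace or a CRLF ending never matches and that name stays registrable. Normalising at load time closes the gap: `app.username_blacklist = set(line.strip().lower() for line in f if line.strip())`. Separately, the first statement resets `app.username_blacklist = None` on every request, so the `is None` test is always true and the file is re-read each time; initialising the attribute once at module level would let the cache work as the comment intends. A missing or unreadable file would also make `open()` raise inside the `before_request` handler, which would presumably fail every request, so it is worth deciding whether that should fail closed or be logged and skipped.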
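Review bot: The two `print` statements in the `except NoSuchUserError` branch of `validate_username` look like leftover debugging and write every attempted username to stdout on each registration; they should be dropped or routed through the application logger. In the `raise ValidationError(Markup(...))` call the `%` formatting runs before the string is wrapped, so the interpolated value is marked safe without being escaped. `url_for('about')` is application-controlled here, but `Markup(u'… <a href="%s">Weitere Informationen</a>') % url_for('about')` escapes the argument and stays safe if the interpolated value ever changes. The method would also benefit from a one-line docstring saying that it rejects names that already exist in LDAP or appear in the blacklist.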