metasrht-manageuser: skip username blacklist

2020-10-13 10:49:20 -04:00 · 2020-10-13 10:49:20 -04:00 · b3e31d9997
parent 7e45ec86a3
commit b3e31d9997
3 changed files with 12 additions and 3 deletions
--- a/config.example.ini
+++ b/config.example.ini
@ -41,6 +41,15 @@ network-key=
 # ill effect, if this better suits your infrastructure.
 redis-host=

+[objects]
+#
+# Configure S3-compatible object storage for services. Optional.
+#
+# Minio is recommended as a FOSS solution over AWS: https://min.io
+s3-upstream=
+s3-access-key=
+s3-secret-key=
+
 [mail]
 #
 # Outgoing SMTP settings
--- a/2
+++ b/2
@ -102,7 +102,7 @@ def error_on_invalid(valid):

 def validate_user(username, email):
    valid = Validation({})
-    auth_validation.validate_username(valid, username)
+    auth_validation.validate_username(valid, username, check_blacklist=False)
    auth_validation.validate_email(valid, email)
    error_on_invalid(valid)

--- a/metasrht/auth_validation.py
+++ b/metasrht/auth_validation.py
@ -6,7 +6,7 @@ from srht.config import cfg
 from zxcvbn import zxcvbn


-def validate_username(valid, username):
+def validate_username(valid, username, check_blacklist=True):
    user = User.query.filter(User.username == username).first()
    valid.expect(user is None, "This username is already in use.", "username")
    valid.expect(2 <= len(username) <= 30,
@ -18,7 +18,7 @@ def validate_username(valid, username):
    valid.expect(re.match("^[a-z0-9_-]+$", username),
                 "Username may contain only lowercase letters, numbers, "
                 "hyphens and underscores", "username")
-    valid.expect(username not in username_blacklist,
+    valid.expect(not check_blacklist or username not in username_blacklist,
                 "This username is not available", "username")