def usernameValid(username):
    """Validate a username's length and safety.

    Returns ``True`` when the username is 1-12 characters long and
    ``is_safe_username`` accepts it; otherwise returns an error message
    string. Both error messages are non-empty and therefore truthy, so
    callers must compare the result with ``is True`` instead of relying
    on truthiness.
    """
    size = len(username)
    if not 1 <= size <= 12:
        return "Invalid Username! Must be between 1 and 12 characters."
    if not is_safe_username(username):
        return "Username not allowed!"
    # Extensible by inserting more logic in here!
    return True
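def loginform():
    """Handle the login form: log the user in on POST, else render the page.

    On a POST whose ``username`` passes ``is_safe_username`` the user is
    logged in and redirected to the ``next`` query parameter when that is
    a same-site path, otherwise to the site root. Every other request
    renders ``login.html``.
    """
    if request.method == 'POST':
        # The submitted form is deliberately not printed: it may carry
        # credentials, and those must not end up in stdout or log files.
        username = request.form['username']
        # password = request.form['password']
        # NOTE(review): no password or other credential is verified here;
        # any username accepted by is_safe_username is logged in. Confirm
        # this is intentional before exposing the route.
        if username is not None and is_safe_username(username):
            login_user(User(username))
            # `next` comes from the query string, so it is caller-controlled.
            # Follow it only when it is an absolute path on this site; a
            # missing, scheme-relative ("//host") or otherwise ambiguous
            # value falls back to the site root instead of being followed.
            target = request.args.get('next')
            is_local_path = (
                bool(target)
                and target.startswith('/')
                and not target.startswith('//')
                and '\\' not in target
                and not any(ord(ch) < 0x20 for ch in target)
            )
            return redirect(target if is_local_path else '/')
    return render_template('login.html')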
def is_safe(self, username):
    """Store ``username`` on the instance, substituting a generated one if unsafe.

    When ``is_safe_username`` rejects the value, the first item returned
    by ``generate_username(1)`` is stored instead. The replacement is
    stored as returned, without a second ``is_safe_username`` check.
    """
    if not is_safe_username(username):
        username = generate_username(1)[0]
    self.username = username
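def check_name(name):
    """Validate a name; return a ``(json, 400)`` error pair or ``None``.

    The name must consist of at least three ASCII letters and must be
    accepted by ``is_safe_username``. ``None`` (implicit) means valid.
    """
    # Anchor the end with \Z rather than $: $ also matches just before a
    # trailing newline, which would let "abc\n" through the format check.
    pattern = re.compile(r'^[a-zA-Z]{3,}\Z')
    if not pattern.match(str(name)):
        # NOTE(review): the pattern also enforces a three-letter minimum,
        # which this message does not mention.
        return jsonify({'message': "The name should only contain letters."}), 400
    if not is_safe_username(name):
        response = {
            'message': "The name you provided is not allowed, " +
                       "please try again but with a different name."
        }
        return jsonify(response), 400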
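def check_username(username):
    """Validate a username; return a ``(json, 400)`` error pair or ``None``.

    The username must be accepted by ``is_safe_username`` and must consist
    of at least three characters from ``[a-zA-Z0-9_]``. ``None`` (implicit)
    means valid.
    """
    # Anchor the end with \Z rather than $: $ also matches just before a
    # trailing newline, which would let "abc\n" through the format check.
    pattern = re.compile(r'^[a-zA-Z0-9_]{3,}\Z')
    format_ok = pattern.match(str(username))
    if not is_safe_username(username):
        response = {
            'message': "The username you provided is not allowed, " +
                       "please try again but with a different name."
        }
        return jsonify(response), 400
    if not format_ok:
        # NOTE(review): the message says "four" but the pattern enforces a
        # minimum of three characters; confirm which limit is intended.
        response = {
            'message': "The Username should contain atleast four " +
                       "alpha-numeric characters. The optional " +
                       "special character allowed is _ (underscore)."
        }
        return jsonify(response), 400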
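def register(value):
    """Register a new user from a payload mapping and send a welcome mail.

    ``value`` is indexed for "email", "username", "password", "age" and
    "gender". Returns a JSON response with ``Status`` 0 and a message when
    a check fails, or ``Status`` 1 once the row is committed and the
    welcome mail has been sent.
    """
    email = value["email"]
    username = value["username"]
    password = value["password"]
    try:
        age = int(value["age"])
    except (TypeError, ValueError):
        # A non-numeric age is a client error, not an unhandled exception.
        return jsonify({"Status": 0, "Message": "Please enter a valid age."})
    gender = value["gender"]

    # Compared against False explicitly, so only an outright False result
    # rejects the address.
    if validate_email(email, check_mx=MX_VERIFY, verify=FULL_VERIFY) == False:
        # Only checking domain has SMTP Server
        return jsonify({"Status": 0, "Message": "Please enter a valid email address."})
    if not is_safe_username(username):
        return jsonify({"Status": 0, "Message": "Please enter a valid username."})
    if not is_strong_password(password):
        return jsonify({"Status": 0, "Message": "Your password is to weak, please try again."})

    con, c = dbconnect.connect()
    try:
        # All statements are parameterized; user input never reaches the
        # SQL text itself.
        # NOTE(review): uniqueness is checked with SELECT-then-INSERT, so
        # two concurrent requests can both pass the checks; a UNIQUE
        # constraint on user_email / user_name would close that gap.
        # Confirm against the schema.
        query = " SELECT user_id FROM user WHERE user_email = %s "
        if c.execute(query, (email,)) != 0:
            return jsonify({"Status": 0, "Message": "Email address has already been taken."})
        query = " SELECT user_id FROM user WHERE user_name = %s "
        if c.execute(query, (username,)) != 0:
            return jsonify({"Status": 0, "Message": "Username has already been taken."})
        # Only the hash of the password is stored.
        pass_hash = generate_password_hash(password)
        query = " INSERT INTO user(user_email,user_name,pass_hash,age,gender) VALUES (%s,%s,%s,%s,%s);"
        c.execute(query, (email, username, pass_hash, age, gender))
        con.commit()
    finally:
        # Release the connection on every path, including when a query raises.
        dbconnect.close(con, c)

    html_msg = render_template("welcome.html", username=username)
    # Imported inside the function, as in the original code.
    from run import send_mail
    send_mail("Welcome to Walk With Me", [email], html_msg)
    return jsonify({"Status": 1, "Message": "Registration successful! Please login."})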
def valid_username(form, field):
    """Form validator: raise ``ValidationError`` unless ``field.data`` is a safe username.

    ``form`` is accepted but not used.
    """
    if is_safe_username(field.data):
        return
    # NOTE(review): the rejected input is echoed back in the error text, so
    # whatever renders this message must escape it.
    message = 'User name "{name}" is not valid'.format(name=field.data)
    raise ValidationError(message)
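def validate_username(self, key, username):
    """Return ``username`` unchanged after validating it.

    Raises ``AssertionError`` when ``is_safe_username`` rejects the value
    (with ``USERNAME_WHITELIST`` passed as the whitelist) or when its
    length is outside 3-15 characters. ``key`` is accepted but not used.
    """
    # Raised explicitly instead of using `assert`: assert statements are
    # stripped when Python runs with -O, which would silently disable both
    # checks. The exception type and messages are the ones `assert` raised.
    if not is_safe_username(username, whitelist=set(USERNAME_WHITELIST)):
        raise AssertionError('Username unsafe')
    if not 2 < len(username) < 16:
        raise AssertionError('Username must be between 3 and 15 characters long')
    return username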
def test_max_lenght():
    """``max_length`` accepts a name of exactly that length and rejects one longer."""
    limit = 10
    at_limit = "u" * limit
    over_limit = "u" * (limit + 1)
    assert is_safe_username(at_limit, max_length=limit)
    assert not is_safe_username(over_limit, max_length=limit)
def test_usernames():
    """Check ``is_safe_username`` against fixed lists of rejected and accepted names.

    The rejected list covers the empty string, punctuation-only names,
    leading, trailing or doubled separators, offensive words, emoji,
    non-Latin scripts and styled Unicode letter forms. The accepted list
    holds ASCII names made of letters, digits and single separators.
    """
    unsafe_words = [
        "!",
        "#",
        "",
        "()",
        "-",
        "-hello",
        ".",
        ".hello",
        "_",
        "a@!/",
        "f**k",
        "hel--lo",
        "hel-.lo",
        "hel..lo",
        "hel__lo",
        "hello-",
        "hello.",
        "sex",
        "\\",
        "\\\\",
        "--1",
        "!@#$%^&*()`~",
        "`⁄€‹›fifl‡°·‚—±",
        "⅛⅜⅝⅞",
        "😍",
        "👩🏽",
        "👾 🙇 💁 🙅 🙆 🙋 🙎 🙍 ",
        "🐵 🙈 🙉 🙊",
        "❤️ 💔 💌 💕 💞 💓 💗 💖 💘 💝 💟 💜 💛 💚 💙",
        "✋🏿 💪🏿 👐🏿 🙌🏿 👏🏿 🙏🏿",
        "🚾 🆒 🆓 🆕 🆖 🆗 🆙 🏧",
        "0️⃣ 1️⃣ 2️⃣ 3️⃣ 4️⃣ 5️⃣ 6️⃣ 7️⃣ 8️⃣ 9️⃣ 🔟",
        # NOTE(review): "123" is expected to be rejected although the
        # all-digit entry in safe_words is accepted, so this is presumably
        # not a digits-only rule; confirm the reason.
        "123",
        "١٢٣",
        "ثم نفس سقطت وبالتحديد،, جزيرتي باستخدام أن دنو. إذ هنا؟ الستار وتنصيب كان. أهّل ايطاليا، بريطانيا-فرنسا قد أخذ. سليمان، إتفاقية بين ما, يذكر الحدود أي بعد, معاملة بولندا، الإطلاق عل إيو.",  # noqa
        "בְּרֵאשִׁית, בָּרָא אֱלֹהִים, אֵת הַשָּׁמַיִם, וְאֵת הָאָרֶץ",
        "הָיְתָהtestالصفحات التّحول",
        "﷽",
        "ﷺ",
        " ",
        "𝐓𝐡𝐞",
        "⒯⒣⒠",
        "Powerلُلُصّبُلُلصّبُررًॣॣhॣॣ冗",
    ]
    safe_words = [
        # NOTE(review): there is no comma between the next two literals, so
        # they are concatenated into the single entry "a10101"; confirm
        # whether two separate entries were intended.
        "a"
        "10101",
        "1he-llo",
        "_hello",
        "he-llo",
        "he.llo_",
        "hello",
        "hello_",
        "999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999",
    ]
    # Every rejected sample must fail the check ...
    for w in unsafe_words:
        assert not is_safe_username(w)
    # ... and every accepted sample must pass it.
    for w in safe_words:
        assert is_safe_username(w)
def test_whitelist():
    """Pin what whitelisting changes in ``is_safe_username`` and what it does not.

    A whitelisted name with doubled dots is still rejected, while a
    whitelisted offensive word is accepted, also when the whitelist entry
    differs from the name in letter case.
    """
    doubled_dots = "he..lo"
    censored_word = "f**k"
    assert not is_safe_username(doubled_dots, whitelist=[doubled_dots])
    assert is_safe_username(censored_word, whitelist=[censored_word])
    assert is_safe_username(censored_word, whitelist=["F**k"])
def test_blacklist():
    """A blacklisted name is rejected, also when the entry differs in letter case."""
    candidate = "helo"
    for entry in ("helo", "Helo"):
        assert not is_safe_username(candidate, blacklist=[entry])
def test_usernames():
    """Check ``is_safe_username`` against fixed lists of rejected and accepted names.

    The rejected list covers the empty string, punctuation-only names,
    leading, trailing or doubled separators, offensive words, emoji,
    non-Latin scripts and styled Unicode letter forms. The accepted list
    holds ASCII names made of letters, digits and single separators.
    """
    unsafe_words = [
        '!',
        '#',
        '',
        '()',
        '-',
        '-hello',
        '.',
        '.hello',
        '_',
        'a@!/',
        'f**k',
        'hel--lo',
        'hel-.lo',
        'hel..lo',
        'hel__lo',
        'hello-',
        'hello.',
        'sex',
        "\\",
        "\\\\",
        "--1",
        "!@#$%^&*()`~",
        "`⁄€‹›fifl‡°·‚—±",
        "⅛⅜⅝⅞",
        "😍",
        "👩🏽",
        "👾 🙇 💁 🙅 🙆 🙋 🙎 🙍 ",
        "🐵 🙈 🙉 🙊",
        "❤️ 💔 💌 💕 💞 💓 💗 💖 💘 💝 💟 💜 💛 💚 💙",
        "✋🏿 💪🏿 👐🏿 🙌🏿 👏🏿 🙏🏿",
        "🚾 🆒 🆓 🆕 🆖 🆗 🆙 🏧",
        "0️⃣ 1️⃣ 2️⃣ 3️⃣ 4️⃣ 5️⃣ 6️⃣ 7️⃣ 8️⃣ 9️⃣ 🔟",
        # NOTE(review): "123" is expected to be rejected although the
        # all-digit entry in safe_words is accepted, so this is presumably
        # not a digits-only rule; confirm the reason.
        "123",
        "١٢٣",
        "ثم نفس سقطت وبالتحديد،, جزيرتي باستخدام أن دنو. إذ هنا؟ الستار وتنصيب كان. أهّل ايطاليا، بريطانيا-فرنسا قد أخذ. سليمان، إتفاقية بين ما, يذكر الحدود أي بعد, معاملة بولندا، الإطلاق عل إيو.",  # noqa
        "בְּרֵאשִׁית, בָּרָא אֱלֹהִים, אֵת הַשָּׁמַיִם, וְאֵת הָאָרֶץ",
        "הָיְתָהtestالصفحات التّحول",
        "﷽",
        "ﷺ",
        " ",
        "𝐓𝐡𝐞",
        "⒯⒣⒠",
        "Powerلُلُصّبُلُلصّبُررًॣॣhॣॣ冗"
    ]
    safe_words = [
        # NOTE(review): there is no comma between the next two literals, so
        # they are concatenated into the single entry "a10101"; confirm
        # whether two separate entries were intended.
        'a'
        '10101',
        '1he-llo',
        '_hello',
        'he-llo',
        'he.llo_',
        'hello',
        'hello_',
        "999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999",
    ]
    # Every rejected sample must fail the check ...
    for w in unsafe_words:
        assert not is_safe_username(w)
    # ... and every accepted sample must pass it.
    for w in safe_words:
        assert is_safe_username(w)