From 1b1332a42d12564d108b8020095f36e2538313de Mon Sep 17 00:00:00 2001
From: Tim Van Baak
Date: Wed, 29 Jan 2020 01:03:20 -0800
Subject: [PATCH] Forbid guids as usernames
---
 amanuensis/user.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/amanuensis/user.py b/amanuensis/user.py
index 0dc5476..f8dcbd3 100644
--- a/amanuensis/user.py
+++ b/amanuensis/user.py
@@ -73,7 +73,14 @@ class UserModel(UserMixin):
 def valid_username(username):
- return re.match(r"^[A-Za-z0-9-_]{3,}$", username) is not None
+ """
+ A valid username is at least three characters long and composed solely of
+ alpahnumerics, dashes, and underscores. Additionally, usernames may not
+ be 32 hex digits, since that may be confused for an internal id.
+ """
+ length_and_characters = re.match(r"^[A-Za-z0-9-_]{3,}$", username)
+ is_a_guid = re.match(r"^[A-Za-z0-9]{32}$", username)
+ return length_and_characters and not is_a_guid
 def valid_email(email):
 """Vaguely RFC2822 email verifier"""
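Review bot: Both patterns in `valid_username` are anchored with `$` under `re.match`, and `$` also matches just before a trailing newline, so a name such as `"abc\n"` still passes validation even though a newline is outside the documented character set. Using `re.fullmatch(r"[A-Za-z0-9_-]{3,}", username)` and `re.fullmatch(r"[A-Za-z0-9]{32}", username)` closes that gap. The new `return` also changes the result type: it yields `None` rather than `False` when the first match fails, so `return length_and_characters is not None and is_a_guid is None` would keep the strict boolean the old line returned. The docstring says "32 hex digits" while the pattern rejects any 32 alphanumerics; that errs on the safe side, but the comment and the pattern should agree.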