enforce username requirements for CSV uploads (#313)

SpiderOak · Sep 14, 2018 · 21d673a · 21d673a
1 parent c670a97
commit 21d673a
Show file tree

Hide file tree

Showing 5 changed files with 20 additions and 6 deletions.
diff --git a/django/apps/blue_management/blue_mgnt/static/css/console-min.css b/django/apps/blue_management/blue_mgnt/static/css/console-min.css
diff --git a/django/apps/blue_management/blue_mgnt/static/less/style.less b/django/apps/blue_management/blue_mgnt/static/less/style.less
@@ -1364,6 +1364,7 @@ span.error-highlight {
         vertical-align: middle;
         margin-left: 10px;
         text-shadow: 0 0 1px #000;
+        white-space: normal;
     }
 
 }

diff --git a/django/apps/blue_management/blue_mgnt/templates/partials/add-user-widget.html b/django/apps/blue_management/blue_mgnt/templates/partials/add-user-widget.html
@@ -8,7 +8,7 @@ <h2 class="page-header"><i class="ss-icon">&#x1F464;</i>Add User
             <form action="{% url 'blue_mgnt:users' %}" enctype="multipart/form-data" method="POST">
                 {% if new_user.non_field_errors %}
                 <span class="error-highlight">
-                    <span class="error-tag">{{ new_user.non_field_errors.0 }}</span>
+                    <div class="error-tag">{{ new_user.non_field_errors.0 }}</div>
                 </span>
                 {% endif %}
                 {% csrf_token %}
@@ -26,7 +26,7 @@ <h2 class="page-header"><i class="ss-icon">&#x1F464;</i>Add User
                             {% for error in field.errors %}
                             <span class="error-highlight">
                                 {{ field }}
-                                <span class="error-tag">{{ error }}</span>
+                                <div class="error-tag">{{ error }}</div>
                             </span>
                             {% endfor %}
                         {% else %}
@@ -69,7 +69,7 @@ <h2 class="page-header"><i class="ss-icon">&#x1F464;</i>Add User
                                 {% for error in field.errors %}
                                 <span class="error-highlight">
                                     {{ field }}
-                                    <span class="error-tag">{{ error }}</span>
+                                    <div class="error-tag">{{ error }}</div>
                                 </span>
                                 {% endfor %}
                             {% else %}

diff --git a/django/apps/blue_management/blue_mgnt/views/users.py b/django/apps/blue_management/blue_mgnt/views/users.py
@@ -146,6 +146,14 @@ def _csv_create_users(api, account_info, groups, config, request, csv_data):
         if not group:
             msg = 'Invalid data in row %s. Invalid Group' % x
             return x, forms.ValidationError(msg)
+        if not new_user_value_re_tests['avatar']['username'].match(row['name']):
+            return x, forms.ValidationError(
+                'Invalid data in row %s. Invalid Username. ' % x +
+                'Usernames must start with a letter, '
+                'be at least four characters long, '
+                'and may contain letters, numbers, '
+                'and underscores.'
+            )
         group_id = group['group_id']
         config_group = get_config_group(config, group_id)
         if config_group['user_source'] != 'local':

diff --git a/django/apps/blue_management/blue_mgnt/views/validators.py b/django/apps/blue_management/blue_mgnt/views/validators.py
@@ -2,7 +2,12 @@
 import re
 
 name_validator = RegexValidator(
-    regex=r"^[\w\d\_]+$",
-    message="This field can only contain letter, numbers and underscores",
+    regex=r'^[a-zA-Z][a-zA-Z0-9_]{3,37}$',
+    message=(
+        'Usernames must start with a letter, '
+        'be at least four characters long, '
+        'and may contain letters, numbers, '
+        'and underscores.'
+    ),
     flags=re.UNICODE,
 )