Add checks to username on login

2 years ago · 87863b3baf
parent 665a2bddef
commit 87863b3baf
3 changed files with 25 additions and 1 deletions
--- a/apiserver/apiserver/api/serializers.py
+++ b/apiserver/apiserver/api/serializers.py
@ -772,3 +772,24 @@ class SpaceportAuthSerializer(LoginSerializer):
                user.member.save()

        return user
+
+class MyLoginSerializer(LoginSerializer):
+    def authenticate(self, **kwargs):
+        username = kwargs.get('username', '')
+
+        if 'your' in username and 'own' in username and 'name' in username:
+            raise ValidationError(dict(username='*server explodes*'))
+
+        if ' ' in username:
+            raise ValidationError(dict(username='Username shouldn\'t have spaces.'))
+
+        if 'first.last' in username:
+            raise ValidationError(dict(username='Don\'t literally try "first.last", use your own name.'))
+
+        if 'first.middle.last' in username:
+            raise ValidationError(dict(username='Don\'t literally try "first.middle.last", use your own name.'))
+
+        if not User.objects.filter(username=username).exists():
+            raise ValidationError(dict(username='Username not found. Try "first.last" or "first.middle.last".'))
+
+        return super().authenticate(**kwargs)
--- a/apiserver/apiserver/api/views.py
+++ b/apiserver/apiserver/api/views.py
@ -855,6 +855,9 @@ class PasswordResetConfirmView(PasswordResetConfirmView):
 class SpaceportAuthView(LoginView):
    serializer_class = serializers.SpaceportAuthSerializer

+class MyLoginView(LoginView):
+    serializer_class = serializers.MyLoginSerializer
+

@api_view()
 def null_view(request, *args, **kwargs):
--- a/apiserver/apiserver/urls.py
+++ b/apiserver/apiserver/urls.py
@ -28,7 +28,7 @@ router.register(r'charts/spaceactivity', views.SpaceActivityViewSet, basename='s

 urlpatterns = [
    path('', include(router.urls)),
-    url(r'^rest-auth/login/$', LoginView.as_view(), name='rest_login'),
+    url(r'^rest-auth/login/$', views.MyLoginView.as_view(), name='rest_login'),
    url(r'^spaceport-auth/login/$', views.SpaceportAuthView.as_view(), name='spaceport_auth'),
    url(r'^rest-auth/logout/$', LogoutView.as_view(), name='rest_logout'),
    url(r'^password/reset/$', views.PasswordResetView.as_view(), name='rest_password_reset'),