diff --git a/app/forms/account.py b/app/forms/account.py
index a700f76..f965237 100644
--- a/app/forms/account.py
+++ b/app/forms/account.py
@@ -33,6 +33,7 @@ class DeleteAccountForm(FlaskForm):
 class AdminUpdateAccountForm(FlaskForm):
+ username = StringField('Pseudonyme', validators=[DataRequired(), vd.name])
 avatar = FileField('Avatar', validators=[Optional(), vd.avatar])
 email = StringField('Adresse Email', validators=[Optional(), Email(), vd.email])
 password = PasswordField('Mot de passe :', validators=[Optional(), vd.password])
diff --git a/app/models/users.py b/app/models/users.py
index 806ae5e..91d90b9 100644
--- a/app/models/users.py
+++ b/app/models/users.py
@@ -35,25 +35,34 @@ class User(UserMixin, db.Model):
 def valid_name(name):
 """
 Checks whether a string is a valid user name. The criteria are:
- 1. No whitespace-class character
- 2. At least one letter
- 3. At least 3 characters and no longer than 32 characters
+ 1. At least 3 characters and no longer than 32 characters
+ 2. No whitespace-class character
+ 3. No special chars
+ 4. At least one letter
+ 5. Not in forbidden usernames
 Possibily other intresting criteria:
- 4. Unicode restriction
+ 6. Unicode restriction
 """
+ # Rule 1
 if type(name) != str or len(name) < 3 or len(name) > 32:
 return False
- if name in V5Config.FORBIDDEN_USERNAMES:
- return False
+ # Rule 2
 # Reject all Unicode whitespaces. This is important to avoid the most
 # common Unicode tricks!
 if re.search(r'\s', name) is not None:
 return False
+ # Rule 3
+ if re.search(V5Config.FORBIDDEN_CHARS_USERNAMES, name) is not None:
+ return False
+ # Rule 4
 # There must be at least one letter (avoid complete garbage)
 if re.search(r'\w', name) is None:
 return False
+ # Rule 5
+ if name in V5Config.FORBIDDEN_USERNAMES:
+ return False
 return True
diff --git a/app/routes/admin.py b/app/routes/admin.py
index 070b46a..ccd22f0 100644
--- a/app/routes/admin.py
+++ b/app/routes/admin.py
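Review bot: The new `username` field is the only one in AdminUpdateAccountForm validated with `DataRequired()`; `avatar`, `email` and `password` on the following lines all use `Optional()`, and the matching added line in app/routes/admin.py (`name = form.username.data or None`) can never fall back to None once the field is required, so the two hunks disagree about whether an admin may leave the name untouched. Either align it with its siblings, `username = StringField('Pseudonyme', validators=[Optional(), vd.name])`, so an empty field means "keep the current name", or keep `DataRequired()` and drop the `or None` in the route. If the edit template does not pre-fill the current username (the template hunk is cut off in this diff), a required field would reject every submission that leaves it blank — worth confirming.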
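Review bot: Rule 4's comment and the docstring both promise "at least one letter", but `re.search(r'\w', name)` on the line below also matches digits and underscore, so names such as `123` or `___` still pass; a letter-only check is `re.search(r'[^\W\d_]', name) is None`. Rule 3 hands `V5Config.FORBIDDEN_CHARS_USERNAMES` straight to `re.search` as a pattern, so the config value must be a regular expression rather than a plain string of characters — if it is meant as a character list, build the class with `re.escape` first; its definition is not in this diff, so confirm which it is. The Rule 1 test `type(name) != str` is better written `not isinstance(name, str)`. Rule 5 is a case-sensitive membership test; if FORBIDDEN_USERNAMES is meant to block case variants as well, compare a normalised form such as `name.casefold()` — confirm against how the list is populated.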
@@ -10,7 +10,7 @@ from app.utils.render import render
 from app import app, db
 @app.route('/admin', methods=['GET', 'POST'])
-@priv_required('admin-panel')
+@priv_required('access-admin-board')
 def adm():
 return render('admin/index.html')
@@ -45,7 +45,7 @@ default_groups = [
 ]
 @app.route('/admin/groups', methods=['GET', 'POST'])
-@priv_required('admin-manel')
+@priv_required('access-admin-board')
 def adm_groups():
 class GroupRegenerationForm(FlaskForm):
 submit = SubmitField('Régénérer les groupes, privilèges, et comptes communs')
@@ -113,6 +113,7 @@ def adm_edit_account(user_id):
 f = form.avatar.data
 f.save("./app/static/"+user.avatar)
 user.update(
+ name = form.username.data or None,
 email = form.email.data or None,
 password = form.password.data or None,
 birthday = form.birthday.data,
diff --git a/app/templates/admin/edit_account.html b/app/templates/admin/edit_account.html
index f7ca4b0..f743d81 100644
--- a/app/templates/admin/edit_account.html
+++ b/app/templates/admin/edit_account.html
@@ -17,6 +17,13 @@ {{ form.avatar }} +
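Review bot: The removed line `@priv_required('admin-manel')` on `adm_groups` in the second hunk (`@@ -45`) shows how a free-form privilege string can silently misspell the privilege an endpoint checks, and both fixed lines keep the same pattern with a new literal. Declaring the name once where privileges are defined, e.g. `ADMIN_BOARD_PRIV = 'access-admin-board'`, and decorating both routes with `@priv_required(ADMIN_BOARD_PRIV)` turns a future typo into a NameError at import instead of an authorization mismatch that only surfaces when someone opens the page. Whether the misspelled name previously denied everyone or was treated leniently depends on `priv_required`, which is not in this diff; a test asserting that each admin route is refused without the privilege would pin the intended behaviour.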
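Review bot: `name = form.username.data or None` in the third hunk (`@@ -113`) passes the admin-supplied username into `user.update(` with no visible check that another account does not already own it; unless `vd.name` or `user.update` enforces uniqueness (neither is in this diff), an admin rename can collide with an existing user. Looking the new name up against existing accounts before the update and rejecting the form when it belongs to a different user would close that gap; the `user.update(` call continues outside the hunk, so the remaining keyword arguments were not reviewed.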