Fixed #21379 -- Created auth-specific username validators

Thanks Tim Graham for the review.
2025-10-24 14:16:09 +00:00 · 2016-04-22 19:39:13 +02:00
parent 2265ff3710
commit 526575c641
11 changed files with 168 additions and 33 deletions
--- a/django/contrib/auth/migrations/0001_initial.py
+++ b/django/contrib/auth/migrations/0001_initial.py
@@ -2,9 +2,9 @@
 from __future__ import unicode_literals

 import django.contrib.auth.models
-from django.core import validators
+from django.contrib.auth import validators
 from django.db import migrations, models
-from django.utils import timezone
+from django.utils import six, timezone


 class Migration(migrations.Migration):
@@ -66,7 +66,9 @@ class Migration(migrations.Migration):
                ('username', models.CharField(
                    help_text='Required. 30 characters or fewer. Letters, digits and @/./+/-/_ only.', unique=True,
                    max_length=30, verbose_name='username',
-                    validators=[validators.RegexValidator('^[\\w.@+-]+$', 'Enter a valid username.', 'invalid')]
+                    validators=[
+                        validators.UnicodeUsernameValidator() if six.PY3 else validators.ASCIIUsernameValidator()
+                    ],
                )),
                ('first_name', models.CharField(max_length=30, verbose_name='first name', blank=True)),
                ('last_name', models.CharField(max_length=30, verbose_name='last name', blank=True)),
--- a/django/contrib/auth/migrations/0004_alter_user_username_opts.py
+++ b/django/contrib/auth/migrations/0004_alter_user_username_opts.py
@@ -1,8 +1,9 @@
 # -*- coding: utf-8 -*-
 from __future__ import unicode_literals

-import django.core.validators
+from django.contrib.auth import validators
 from django.db import migrations, models
+from django.utils import six


 class Migration(migrations.Migration):
@@ -18,11 +19,7 @@ class Migration(migrations.Migration):
            name='username',
            field=models.CharField(
                error_messages={'unique': 'A user with that username already exists.'}, max_length=30,
-                validators=[django.core.validators.RegexValidator(
-                    '^[\\w.@+-]+$',
-                    'Enter a valid username. This value may contain only letters, numbers and @/./+/-/_ characters.',
-                    'invalid'
-                )],
+                validators=[validators.UnicodeUsernameValidator() if six.PY3 else validators.ASCIIUsernameValidator()],
                help_text='Required. 30 characters or fewer. Letters, digits and @/./+/-/_ only.',
                unique=True, verbose_name='username'
            ),
--- a/django/contrib/auth/migrations/0007_alter_validators_add_error_messages.py
+++ b/django/contrib/auth/migrations/0007_alter_validators_add_error_messages.py
@@ -1,8 +1,9 @@
 # -*- coding: utf-8 -*-
 from __future__ import unicode_literals

-import django.core.validators
+from django.contrib.auth import validators
 from django.db import migrations, models
+from django.utils import six


 class Migration(migrations.Migration):
@@ -20,12 +21,7 @@ class Migration(migrations.Migration):
                help_text='Required. 30 characters or fewer. Letters, digits and @/./+/-/_ only.',
                max_length=30,
                unique=True,
-                validators=[
-                    django.core.validators.RegexValidator(
-                        '^[\\w.@+-]+$', 'Enter a valid username. '
-                        'This value may contain only letters, numbers and @/./+/-/_ characters.'
-                    ),
-                ],
+                validators=[validators.UnicodeUsernameValidator() if six.PY3 else validators.ASCIIUsernameValidator()],
                verbose_name='username',
            ),
        ),
--- a/django/contrib/auth/migrations/0008_alter_user_username_max_length.py
+++ b/django/contrib/auth/migrations/0008_alter_user_username_max_length.py
@@ -1,8 +1,9 @@
 # -*- coding: utf-8 -*-
 from __future__ import unicode_literals

-import django.core.validators
+from django.contrib.auth import validators
 from django.db import migrations, models
+from django.utils import six


 class Migration(migrations.Migration):
@@ -20,12 +21,7 @@ class Migration(migrations.Migration):
                help_text='Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only.',
                max_length=150,
                unique=True,
-                validators=[
-                    django.core.validators.RegexValidator(
-                        '^[\\w.@+-]+$', 'Enter a valid username. '
-                        'This value may contain only letters, numbers and @/./+/-/_ characters.'
-                    ),
-                ],
+                validators=[validators.UnicodeUsernameValidator() if six.PY3 else validators.ASCIIUsernameValidator()],
                verbose_name='username',
            ),
        ),
--- a/django/contrib/auth/models.py
+++ b/django/contrib/auth/models.py
@@ -4,7 +4,6 @@ from django.contrib import auth
 from django.contrib.auth.base_user import AbstractBaseUser, BaseUserManager
 from django.contrib.auth.signals import user_logged_in
 from django.contrib.contenttypes.models import ContentType
-from django.core import validators
 from django.core.exceptions import PermissionDenied
 from django.core.mail import send_mail
 from django.db import models
@@ -14,6 +13,8 @@ from django.utils.deprecation import CallableFalse, CallableTrue
 from django.utils.encoding import python_2_unicode_compatible
 from django.utils.translation import ugettext_lazy as _

+from .validators import ASCIIUsernameValidator, UnicodeUsernameValidator
+

 def update_last_login(sender, user, **kwargs):
    """
@@ -302,18 +303,14 @@ class AbstractUser(AbstractBaseUser, PermissionsMixin):

    Username and password are required. Other fields are optional.
    """
+    username_validator = UnicodeUsernameValidator() if six.PY3 else ASCIIUsernameValidator()
+
    username = models.CharField(
        _('username'),
        max_length=150,
        unique=True,
        help_text=_('Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only.'),
-        validators=[
-            validators.RegexValidator(
-                r'^[\w.@+-]+$',
-                _('Enter a valid username. This value may contain only '
-                  'letters, numbers ' 'and @/./+/-/_ characters.')
-            ),
-        ],
+        validators=[username_validator],
        error_messages={
            'unique': _("A user with that username already exists."),
        },
--- a/django/contrib/auth/validators.py
+++ b/django/contrib/auth/validators.py
@@ -0,0 +1,26 @@
+import re
+
+from django.core import validators
+from django.utils import six
+from django.utils.deconstruct import deconstructible
+from django.utils.translation import ugettext_lazy as _
+
+
+@deconstructible
+class ASCIIUsernameValidator(validators.RegexValidator):
+    regex = r'^[\w.@+-]+$'
+    message = _(
+        'Enter a valid username. This value may contain only English letters, '
+        'numbers, and @/./+/-/_ characters.'
+    )
+    flags = re.ASCII if six.PY3 else 0
+
+
+@deconstructible
+class UnicodeUsernameValidator(validators.RegexValidator):
+    regex = r'^[\w.@+-]+$'
+    message = _(
+        'Enter a valid username. This value may contain only letters, '
+        'numbers, and @/./+/-/_ characters.'
+    )
+    flags = re.UNICODE if six.PY2 else 0