From 710fbc949b95d9e3c616b16a1d3cac8e0796c8d4 Mon Sep 17 00:00:00 2001
From: Mouse Reeve <mousereeve@riseup.net>
Date: Tue, 15 Dec 2020 15:52:22 -0800
Subject: [PATCH] Better username validator and remove trailing whitespace

---
 bookwyrm/models/fields.py | 11 +++++++++--
 bookwyrm/view_actions.py  |  2 +-
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/bookwyrm/models/fields.py b/bookwyrm/models/fields.py
index f6142e37..b8efc71d 100644
--- a/bookwyrm/models/fields.py
+++ b/bookwyrm/models/fields.py
@@ -5,7 +5,6 @@ from uuid import uuid4
 
 import dateutil.parser
 from dateutil.parser import ParserError
-from django.contrib.auth.models import AbstractUser
 from django.contrib.postgres.fields import ArrayField as DjangoArrayField
 from django.core.exceptions import ValidationError
 from django.core.files.base import ContentFile
@@ -25,6 +24,14 @@ def validate_remote_id(value):
             params={'value': value},
         )
 
+def validate_username(value):
+    ''' make sure usernames look okay '''
+    if not re.match(r'^[A-Za-z\-_\.]+$', value):
+        raise ValidationError(
+            _('%(value)s is not a valid remote_id'),
+            params={'value': value},
+        )
+
 
 class ActivitypubFieldMixin:
     ''' make a database field serializable '''
@@ -134,7 +141,7 @@ class UsernameField(ActivitypubFieldMixin, models.CharField):
             _('username'),
             max_length=150,
             unique=True,
-            validators=[AbstractUser.username_validator],
+            validators=[validate_username],
             error_messages={
                 'unique': _('A user with that username already exists.'),
             },
diff --git a/bookwyrm/view_actions.py b/bookwyrm/view_actions.py
index 7126b1b2..26106190 100644
--- a/bookwyrm/view_actions.py
+++ b/bookwyrm/view_actions.py
@@ -66,7 +66,7 @@ def register(request):
     if not form.is_valid():
         errors = True
 
-    username = form.data['username']
+    username = form.data['username'].strip()
     email = form.data['email']
     password = form.data['password']