From e71e2592558bc8b4ab21ed31282215ee89cdc5c8 Mon Sep 17 00:00:00 2001
From: Jan Philipp Timme
Date: Fri, 3 Oct 2014 13:51:19 +0200
Subject: [PATCH] [TASK] Add a restrictive username validation.
---
 settings.example.py | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/settings.example.py b/settings.example.py
index b8f06a2..5131dbc 100644
--- a/settings.example.py
+++ b/settings.example.py
@@ -33,6 +33,15 @@ def username_validator(form, field):
 """ Since usernames will be used for subdomains, take your time here. """
 username = field.data
 if len(username) < 4:
- raise ValidationError(_('Username must be at least 4 characters long'))
- if not username.isalnum():
- raise ValidationError(_('Username may only contain letters and numbers'))
+ raise ValidationError(_('Username must be at least 4 characters long.'))
+ if username != username.lower():
+ raise ValidationError(_('Please use lower case letters, numbers, dash and underscore only.'))
+ if username in ['admin', 'root', 'hostmaster', 'webmaster', 'www']:
+ raise ValidationError(_('This username is not allowed.'))
+ import re
+ regex = '([a-z])([-_a-z0-9]){2,40}'
+ pattern = re.compile(regex)
+ if pattern.match(username) != None:
+ return
+ else:
+ raise ValidationError(_('Username must comply with this regex: "' + regex + '".'))
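Review bot: The final check uses `pattern.match(username)`, which anchors only at the start of the string, so a username that begins with a valid prefix is accepted whatever follows it: punctuation, whitespace, or more than the intended 41 characters. The removed `isalnum()` test used to reject those, and the new lower-case comparison does not. Since the docstring says usernames become subdomains, anchor the end as well, e.g. `regex = r'[a-z][-_a-z0-9]{2,40}\Z'` (`\Z` rather than `$`, which tolerates a trailing newline), and write the comparison as `is not None`. The character class also admits underscores and a trailing dash, which are not valid in hostname labels, so it is worth confirming how the subdomain is derived from the name. The `def` line of `username_validator` lies above the hunk.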