Combine username validation with the one introduced for emails used a…

…s username
c2corg · Oct 31, 2022 · 99d03a8 · 99d03a8
1 parent d6a9ca6
commit 99d03a8
Showing 1 changed file with 22 additions and 29 deletions.
diff --git a/c2corg_api/views/user.py b/c2corg_api/views/user.py
@@ -68,27 +68,6 @@ def validate_json_password(request, **kwargs):
         request.errors.add('body', 'password', 'Invalid')
 
 
-def validate_json_username(request, **kwargs):
-    """Checks if the username was given, removes leading and trailing
-       whitespaces and eventually checks it's unique.
-    """
-
-    if 'username' not in request.json:
-        request.errors.add('body', 'username', 'Required')
-        return
-
-    username = request.json['username'].strip()
-    if not username:
-        request.errors.add('body', 'username',
-                           'Username cannot be empty or whitespaces')
-        return
-
-    if not is_unused_user_attribute('username', username, lowercase=True):
-        request.errors.add('body', 'username', 'This username already exists')
-
-    request.validated['username'] = username
-
-
 def is_unused_user_attribute(attrname, value, lowercase=False):
     attr = getattr(User, attrname)
     query = DBSession.query(User)
@@ -144,21 +123,36 @@ def validate_forum_username(request, **kwargs):
 
 
 def validate_username(request, **kwargs):
+    """Checks username is set, strips leading/trailing whitespaces,
+       checks unicity and if an email, that it matches the provided email.
     """
-    Check that the username is not an email,
-    or that it is the same as the actual email.
-    """
-    if 'username' in request.json and 'email' in request.json:
-        value = request.json['username']
+
+    if 'username' not in request.json:
+        request.errors.add('body', 'username', 'Required')
+        return
+
+    username = request.json['username'].strip()
+    if not username:
+        request.errors.add('body', 'username',
+                           'Username cannot be empty or whitespaces')
+        return
+
+    if not is_unused_user_attribute('username', username, lowercase=True):
+        request.errors.add('body', 'username', 'This username already exists')
+
+    # Check that the username is not an email,
+    # or that it is the same as the actual email.
+    if 'email' in request.json:
         email = request.json['email']
-        if (is_valid_email(value) and email != value):
+        if (is_valid_email(username) and email != username):
             request.errors.add(
                 'body',
                 'username',
                 'An email address used as username should be the same as the' +
                 ' one used as the account email address.')
             return
-        request.validated['username'] = value
+
+    request.validated['username'] = username
 
 
 def validate_captcha(request, **kwargs):
@@ -209,7 +203,6 @@ def __init__(self, request):
         validators=[
             colander_body_validator,
             validate_json_password,
-            validate_json_username,
             partial(validate_unique_attribute, "email"),
             partial(validate_unique_attribute,
                     "forum_username",