diff options
Diffstat (limited to 'users')
| -rw-r--r-- | users/views/identity.py | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/users/views/identity.py b/users/views/identity.py index 9f2a7f9..fff521b 100644 --- a/users/views/identity.py +++ b/users/views/identity.py @@ -1,3 +1,5 @@ +import string + from django import forms from django.conf import settings from django.contrib.auth.decorators import login_required @@ -37,6 +39,20 @@ class SelectIdentity(TemplateView): @method_decorator(login_required, name="dispatch") +class ActivateIdentity(View): + def get(self, request, handle): + identity = by_handle_or_404(request, handle) + if not identity.users.filter(pk=request.user.pk).exists(): + raise Http404() + request.session["identity_id"] = identity.id + # Get next URL, not allowing offsite links + next = request.GET.get("next") or "/" + if ":" in next: + next = "/" + return redirect("/") + + +@method_decorator(login_required, name="dispatch") class CreateIdentity(FormView): template_name = "identity/create.html" @@ -50,10 +66,16 @@ class CreateIdentity(FormView): def clean_handle(self): # Remove any leading @ value = self.cleaned_data["handle"].lstrip("@") + # Validate it's all ascii characters + for character in value: + if character not in string.ascii_letters + string.digits + "_-": + raise forms.ValidationError( + "Only the letters a-z, numbers 0-9, dashes and underscores are allowed." + ) # Don't allow custom domains here quite yet if "@" in value: raise forms.ValidationError( - "You are not allowed an @ sign in your handle" + "You are not allowed an @ sign in your handle." ) # Ensure there is a domain on the end if "@" not in value: |