Strict username requirements, if there is no openid nickname, of a conflict with…

Strict username requirements, if there is no openid nickname, of a conflict with an existing Django username, fail it

Strict username requirements, if there is no openid nickname, of a conflict with…
Strict username requirements, if there is no openid nickname, of a conflict with an existing Django username, fail it
bbc87811 · Michael Hall · 7069378a · bbc87811
Commit bbc87811 authored Oct 14, 2010 by Michael Hall
Show whitespace changes
Inline Side-by-side

Showing with 11 additions and 0 deletions

django_openid_auth/auth.py
+11 -0

No files found.
--- a/django_openid_auth/auth.py
+++ b/django_openid_auth/auth.py
@@ -42,6 +42,8 @@ from django_openid_auth.models import UserOpenID
 class IdentityAlreadyClaimed(Exception):
    pass
+class StrictUsernameViolation(Exception):
+    pass
 class OpenIDBackend:
    """A django.contrib.auth backend that authenticates the user based on
@@ -72,7 +74,10 @@ class OpenIDBackend:
                claimed_id__exact=openid_response.identity_url)
        except UserOpenID.DoesNotExist:
            if getattr(settings, 'OPENID_CREATE_USERS', False):
+                try:
                    user = self.create_user_from_openid(openid_response)
+                except StrictUsernameViolation:
+                    return None
        else:
            user = user_openid.user
@@ -141,6 +146,12 @@ class OpenIDBackend:
        nickname = details['nickname'] or 'openiduser'
        email = details['email'] or ''
+        if getattr(settings, 'OPENID_STRICT_USERNAMES', False):
+            if details['nickname'] is None or details['nickname'] == '':
+                raise StrictUsernameViolation()
+            if User.objects.filter(username__exact=nickname).count() > 0:
+                raise StrictUsernameViolation()
        # Pick a username for the user based on their nickname,
        # checking for conflicts.
        i = 1