author | Cédric Bonhomme <cedric@cedricbonhomme.org> | 2014-05-05 13:40:39 +0200 |
---|---|---|
committer | Cédric Bonhomme <cedric@cedricbonhomme.org> | 2014-05-05 13:40:39 +0200 |
commit | 9fd38b735abb6d5485a9e34c8c330a0a7d9cbeea (patch) | |
tree | 7de83599fb3a24632f1fc78735b573ec49bf31c4 /pyaggr3g470r/forms.py | |
parent | Fixed a security problem. (diff) | |
download | newspipe-9fd38b735abb6d5485a9e34c8c330a0a7d9cbeea.tar.gz newspipe-9fd38b735abb6d5485a9e34c8c330a0a7d9cbeea.tar.bz2 newspipe-9fd38b735abb6d5485a9e34c8c330a0a7d9cbeea.zip |
Improved forms validation.
Diffstat (limited to 'pyaggr3g470r/forms.py')
-rw-r--r-- | pyaggr3g470r/forms.py | 25 |
1 files changed, 19 insertions, 6 deletions
diff --git a/pyaggr3g470r/forms.py b/pyaggr3g470r/forms.py
index 6a11362c..61cd4c2a 100644
--- a/pyaggr3g470r/forms.py
+++ b/pyaggr3g470r/forms.py
@@ -30,6 +30,7 @@ from flask import flash
 from flask.ext.wtf import Form
 from flask.ext.babel import lazy_gettext
 from wtforms import TextField, TextAreaField, PasswordField, BooleanField, SubmitField, validators
+from flask.ext.wtf.html5 import EmailField
 from flask_wtf import RecaptchaField
 from pyaggr3g470r.models import User
@@ -37,8 +38,8 @@ from pyaggr3g470r.models import User
 class SignupForm(Form):
 firstname = TextField(lazy_gettext("First name"), [validators.Required(lazy_gettext("Please enter your first name."))])
 lastname = TextField(lazy_gettext("Last name"), [validators.Required(lazy_gettext("Please enter your last name."))])
- email = TextField(lazy_gettext("Email"), [validators.Required(lazy_gettext("Please enter your email."))])
- password = PasswordField(lazy_gettext("Password"))
+ email = EmailField(lazy_gettext("Email"), [validators.Length(min=6, max=35), validators.Required(lazy_gettext("Please enter your email."))])
+ password = PasswordField(lazy_gettext("Password"), [validators.Required(lazy_gettext("Please enter a password.")), validators.Length(min=6, max=100)])
 recaptcha = RecaptchaField()
 submit = SubmitField(lazy_gettext("Sign up"))
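Review bot: The new `email` field in SignupForm is only checked for length, so any 6–35 character string is accepted as an address; as far as I know the html5 `EmailField` changes the rendered input type but adds no server-side format check. Add `validators.Email()` to the list, e.g. `[validators.Required(...), validators.Email(), validators.Length(min=6, max=35)]`; the same applies to the `email` fields of SigninForm and ProfileForm in the two later hunks. The `max=35` bound also looks tight for real addresses and will turn away users with longer ones; it should match the width of the email column in the User model, which is not visible here. SignupForm's methods continue outside this hunk.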
@@ -48,14 +49,20 @@ class SignupForm(Form):
 def validate(self):
 if not Form.validate(self):
 return False
+ if self.firstname.data != User.make_valid_nickname(self.firstname.data):
+ self.firstname.errors.append(lazy_gettext('This firstname has invalid characters. Please use letters, numbers, dots and underscores only.'))
+ return False
+ if self.lastname.data != User.make_valid_nickname(self.lastname.data):
+ self.lastname.errors.append(lazy_gettext('This lastname has invalid characters. Please use letters, numbers, dots and underscores only.'))
+ return False
 return True
 class SigninForm(Form):
 """ Sign in form. """
- email = TextField("Email", [validators.Required(lazy_gettext("Please enter your email address."))])
- password = PasswordField(lazy_gettext('Password'), [validators.Required(lazy_gettext("Please enter a password."))])
+ email = EmailField("Email", [validators.Length(min=6, max=35), validators.Required(lazy_gettext("Please enter your email address."))])
+ password = PasswordField(lazy_gettext('Password'), [validators.Required(lazy_gettext("Please enter a password.")), validators.Length(min=6, max=100)])
 submit = SubmitField(lazy_gettext("Log In"))
 def __init__(self, *args, **kwargs):
@@ -92,8 +99,8 @@ class AddFeedForm(Form):
 class ProfileForm(Form):
 firstname = TextField(lazy_gettext("First name"), [validators.Required(lazy_gettext("Please enter your first name."))])
 lastname = TextField(lazy_gettext("Last name"), [validators.Required(lazy_gettext("Please enter your last name."))])
- email = TextField(lazy_gettext("Email"), [validators.Required(lazy_gettext("Please enter your email."))])
- password = PasswordField(lazy_gettext("Password"))
+ email = EmailField(lazy_gettext("Email"), [validators.Length(min=6, max=35), validators.Required(lazy_gettext("Please enter your email."))])
+ password = PasswordField(lazy_gettext("Password"), [validators.Length(min=6, max=100)])
 submit = SubmitField(lazy_gettext("Save"))
 def __init__(self, *args, **kwargs):
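Review bot: Putting `validators.Length(min=6, max=100)` on the SigninForm `password` field can lock out existing accounts: before this commit SignupForm and ProfileForm accepted a password of any length, so a user whose stored password is shorter than 6 characters would presumably now fail form validation before any credential check runs. A login form only needs `validators.Required(...)` plus an upper bound, e.g. `validators.Length(max=100)`, with the minimum enforced where passwords are set. The same reasoning applies to `min=6` on the SigninForm `email` field. SigninForm continues past the end of this hunk, so whether its own `validate()` handles this case is not visible.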
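Review bot: The ProfileForm `password` field now carries `validators.Length(min=6, max=100)` without `Required`, and WTForms' `Length` treats an empty value as length 0, so submitting the profile with the password left blank fails validation. If a blank password is meant to keep the current one (dropping `Required` here suggests so), put `validators.Optional()` first: `[validators.Optional(), validators.Length(min=6, max=100)]`. ProfileForm's `__init__` and the rest of the class are outside this hunk, so how an empty password is handled downstream is not visible.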
@@ -102,4 +109,10 @@ class ProfileForm(Form):
 def validate(self):
 if not Form.validate(self):
 return False
+ if self.firstname.data != User.make_valid_nickname(self.firstname.data):
+ self.firstname.errors.append(lazy_gettext('This firstname has invalid characters. Please use letters, numbers, dots and underscores only.'))
+ return False
+ if self.lastname.data != User.make_valid_nickname(self.lastname.data):
+ self.lastname.errors.append(lazy_gettext('This lastname has invalid characters. Please use letters, numbers, dots and underscores only.'))
+ return False
 return True |
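Review bot: `validate()` returns at the first bad name, so a user whose first and last names are both rejected sees only the `firstname` error and has to submit twice; the six added lines are also an exact copy of the ones added to SignupForm.validate in the `@@ -48,14 +49,20 @@` hunk. Track a flag instead (`valid = False` in each branch, `return valid` at the end) and move the two checks into one module-level helper that both forms call. A short docstring on `validate()` saying that names must survive `User.make_valid_nickname` unchanged would help, since that helper is defined in another file. The message wording (letters, numbers, dots and underscores) suggests names with spaces, hyphens or apostrophes are refused, which may be stricter than intended for real names.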