1 files changed, 37 insertions, 14 deletions

diff --git a/mediagoblin/auth/forms.py b/mediagoblin/auth/forms.py
index 0b2bf959..7cae951a 100644
--- a/mediagoblin/auth/forms.py
+++ b/mediagoblin/auth/forms.py
@@ -17,52 +17,75 @@
 import wtforms
 import re
 
+from mediagoblin.tools.mail import normalize_email
 from mediagoblin.tools.translate import fake_ugettext_passthrough as _
 
+def normalize_user_or_email_field(allow_email=True, allow_user=True):
+    """Check if we were passed a field that matches a username and/or email pattern
+
+    This is useful for fields that can take either a username or email
+    address. Use the parameters if you want to only allow a username for
+    instance"""
+    message = _(u'Invalid User name or email address.')
+    nomail_msg = _(u"This field does not take email addresses.")
+    nouser_msg = _(u"This field requires an email address.")
+
+    def _normalize_field(form, field):
+        email = u'@' in field.data
+        if email: # normalize email address casing
+            if not allow_email:
+                raise wtforms.ValidationError(nomail_msg)
+            wtforms.validators.Email()(form, field)
+            field.data = normalize_email(field.data)
+        else: # lower case user names
+            if not allow_user:
+                raise wtforms.ValidationError(nouser_msg)
+            wtforms.validators.Length(min=3, max=30)(form, field)
+            wtforms.validators.Regexp(r'^\w+$')(form, field)
+            field.data = field.data.lower()
+        if field.data is None: # should not happen, but be cautious anyway
+            raise wtforms.ValidationError(message)
+    return _normalize_field
+
 
 class RegistrationForm(wtforms.Form):
     username = wtforms.TextField(
         _('Username'),
         [wtforms.validators.Required(),
-         wtforms.validators.Length(min=3, max=30),
-         wtforms.validators.Regexp(r'^\w+$')])
+         normalize_user_or_email_field(allow_email=False)])
     password = wtforms.PasswordField(
         _('Password'),
         [wtforms.validators.Required(),
-         wtforms.validators.Length(min=6, max=30)])
+         wtforms.validators.Length(min=5, max=1024)])
     email = wtforms.TextField(
         _('Email address'),
         [wtforms.validators.Required(),
-         wtforms.validators.Email()])
+         normalize_user_or_email_field(allow_user=False)])
 
 
 class LoginForm(wtforms.Form):
     username = wtforms.TextField(
         _('Username'),
         [wtforms.validators.Required(),
-         wtforms.validators.Regexp(r'^\w+$')])
+         normalize_user_or_email_field(allow_email=False)])
     password = wtforms.PasswordField(
         _('Password'),
-        [wtforms.validators.Required()])
+        [wtforms.validators.Required(),
+         wtforms.validators.Length(min=5, max=1024)])
 
 
 class ForgotPassForm(wtforms.Form):
     username = wtforms.TextField(
         _('Username or email'),
-        [wtforms.validators.Required()])
-
-    def validate_username(form, field):
-        if not (re.match(r'^\w+$', field.data) or
-               re.match(r'^.+@[^.].*\.[a-z]{2,10}$', field.data,
-                        re.IGNORECASE)):
-            raise wtforms.ValidationError(_(u'Incorrect input'))
+        [wtforms.validators.Required(),
+         normalize_user_or_email_field()])
 
 
 class ChangePassForm(wtforms.Form):
     password = wtforms.PasswordField(
         'Password',
         [wtforms.validators.Required(),
-         wtforms.validators.Length(min=6, max=30)])
+         wtforms.validators.Length(min=5, max=1024)])
     userid = wtforms.HiddenField(
         '',
         [wtforms.validators.Required()])