1 files changed, 21 insertions, 13 deletions

diff --git a/mediagoblin/auth/tools.py b/mediagoblin/auth/tools.py
index 39df85af..ae6fadf6 100644
--- a/mediagoblin/auth/tools.py
+++ b/mediagoblin/auth/tools.py
@@ -16,12 +16,14 @@
 
 
 import logging
+
+import six
 import wtforms
 from sqlalchemy import or_
 
 from mediagoblin import mg_globals
 from mediagoblin.tools.crypto import get_timed_signer_url
-from mediagoblin.db.models import User, Privilege
+from mediagoblin.db.models import LocalUser, Privilege
 from mediagoblin.tools.mail import (normalize_email, send_email,
                                     email_debug_message)
 from mediagoblin.tools.template import render_template
@@ -32,14 +34,19 @@ from mediagoblin import auth
 _log = logging.getLogger(__name__)
 
 
-def normalize_user_or_email_field(allow_email=True, allow_user=True):
-    """
-    Check if we were passed a field that matches a username and/or email
+def normalize_user_or_email_field(allow_email=True, allow_user=True,
+                                  is_login=False):
+    """Check if we were passed a field that matches a username and/or email
     pattern.
 
     This is useful for fields that can take either a username or email
-    address. Use the parameters if you want to only allow a username for
-    instance"""
+    address. Use the parameters if you want to only allow a username
+    for instance
+
+    is_login : bool
+        If is_login is True, does not check the length of username.
+
+    """
     message = _(u'Invalid User name or email address.')
     nomail_msg = _(u"This field does not take email addresses.")
     nouser_msg = _(u"This field requires an email address.")
@@ -54,8 +61,9 @@ def normalize_user_or_email_field(allow_email=True, allow_user=True):
         else:  # lower case user names
             if not allow_user:
                 raise wtforms.ValidationError(nouser_msg)
-            wtforms.validators.Length(min=3, max=30)(form, field)
-            wtforms.validators.Regexp(r'^\w+$')(form, field)
+            if not is_login:
+                wtforms.validators.Length(min=3, max=30)(form, field)
+            wtforms.validators.Regexp(r'^[-_\w]+$')(form, field)
             field.data = field.data.lower()
         if field.data is None:  # should not happen, but be cautious anyway
             raise wtforms.ValidationError(message)
@@ -104,9 +112,9 @@ def send_verification_email(user, request, email=None,
 
 
 def basic_extra_validation(register_form, *args):
-    users_with_username = User.query.filter_by(
+    users_with_username = LocalUser.query.filter_by(
         username=register_form.username.data).count()
-    users_with_email = User.query.filter_by(
+    users_with_email = LocalUser.query.filter_by(
         email=register_form.email.data).count()
 
     extra_validation_passes = True
@@ -136,7 +144,7 @@ def register_user(request, register_form):
         user.save()
 
         # log the user in
-        request.session['user_id'] = unicode(user.id)
+        request.session['user_id'] = six.text_type(user.id)
         request.session.save()
 
         # send verification email
@@ -182,13 +190,13 @@ def no_auth_logout(request):
     Log out the user if no authentication is enabled, but don't delete
     the messages
     """
-    if not mg_globals.app.auth and 'user_id' in request.session:
+    if not request.app.auth and 'user_id' in request.session:
         del request.session['user_id']
         request.session.save()
 
 
 def create_basic_user(form):
-    user = User()
+    user = LocalUser()
     user.username = form.username.data
     user.email = form.email.data
     user.save()