[Fix] Login via email, prevent Usernames with certain chars

Tim Lorsbach
2026-02-16 13:58:06 +01:00
parent 58ab5b33e3
commit 5150027f0d
2 changed files with 29 additions and 5 deletions


@ -6,7 +6,9 @@ from typing import Any, Dict, List
import nh3 import nh3
from django.conf import settings as s from django.conf import settings as s
from django.contrib.auth import get_user_model from django.contrib.auth import get_user_model
from django.core.exceptions import BadRequest, PermissionDenied from django.contrib.auth.validators import UnicodeUsernameValidator
from django.core.exceptions import BadRequest, PermissionDenied, ValidationError
from django.core.validators import validate_email
from django.http import HttpResponse, HttpResponseBadRequest, HttpResponseNotAllowed, JsonResponse from django.http import HttpResponse, HttpResponseBadRequest, HttpResponseNotAllowed, JsonResponse
from django.shortcuts import get_object_or_404, redirect, render from django.shortcuts import get_object_or_404, redirect, render
from django.urls import reverse from django.urls import reverse
@ -160,14 +162,27 @@ def login(request):
# Get email for username and check if the account is active # Get email for username and check if the account is active
try: try:
temp_user = get_user_model().objects.get(username=username) # Try username and if it fails check if username is a valid email adress and we'll find a user
try:
temp_user = get_user_model().objects.get(username=username)
except get_user_model().DoesNotExist as e:
# validate_email returns None if input is valid -> check for None
# Otherwise a ValidationError is raised
if validate_email(username) is None:
temp_user = get_user_model().objects.get(email=username)
else:
raise e
if not temp_user.is_active: if not temp_user.is_active:
context["message"] = "User account is not activated yet!" context["message"] = "User account is not activated yet!"
return render(request, "static/login.html", context) return render(request, "static/login.html", context)
email = temp_user.email email = temp_user.email
except get_user_model().DoesNotExist: except (get_user_model().DoesNotExist, ValidationError):
context["message"] = "Login failed!"
return render(request, "static/login.html", context)
except Exception as e:
logger.info(f"Uncaught exception while trying to login: {e}")
context["message"] = "Login failed!" context["message"] = "Login failed!"
return render(request, "static/login.html", context) return render(request, "static/login.html", context)
@ -230,6 +245,13 @@ def register(request):
context["message"] = "Invalid username/email/password" context["message"] = "Invalid username/email/password"
return render(request, "static/login.html", context) return render(request, "static/login.html", context)
if UnicodeUsernameValidator(username) is not None:
context["message"] = (
"Enter a valid username. This value may contain only letters, "
"numbers, and @/./+/-/_ characters."
)
return render(request, "static/login.html", context)
if password != rpassword or password == "": if password != rpassword or password == "":
context["message"] = "Registration failed, provided passwords differ!" context["message"] = "Registration failed, provided passwords differ!"
return render(request, "static/login.html", context) return render(request, "static/login.html", context)
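Review bot: In the register hunk, `UnicodeUsernameValidator(username) is not None` builds a validator object (with `username` handed to the constructor) rather than validating the value, so the condition is always true and every registration is rejected with the "Enter a valid username" message. Instantiate the validator and call it, catching the error: `try:` / `UnicodeUsernameValidator()(username)` / `except ValidationError:` followed by the existing message and render. In the login hunk, the `else: raise e` branch is unreachable because `validate_email` either returns None or raises, and `objects.get(email=username)` will raise `MultipleObjectsReturned` if email is not unique, which today only reaches the generic `except Exception`. Because the permitted username alphabet includes `@` and `.`, a username can be identical to another account's email address and the username lookup is tried first; rejecting usernames that pass `validate_email` at registration would remove that ambiguity. Both function bodies continue outside the hunks shown.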


@ -82,13 +82,13 @@
<div class="form-control"> <div class="form-control">
<label class="label" for="username"> <label class="label" for="username">
<span class="label-text">Username</span> <span class="label-text">Account</span>
</label> </label>
<input <input
type="text" type="text"
id="username" id="username"
name="username" name="username"
placeholder="username" placeholder="Username or Email"
class="input input-bordered w-full" class="input input-bordered w-full"
required required
autocomplete="username" autocomplete="username"
@ -164,6 +164,8 @@
name="username" name="username"
placeholder="username" placeholder="username"
class="input input-bordered w-full" class="input input-bordered w-full"
pattern="^[A-Za-z0-9@.+_\-]{3,150}$"
title="Only letters, numbers, and @ . + - _ are allowed"
required required
autocomplete="username" autocomplete="username"
/> />
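Review bot: The `pattern` added to the second username input allows only ASCII letters and a length of 3–150, while the server-side check introduced in this commit uses `UnicodeUsernameValidator`, which also accepts non-ASCII word characters and, as far as the visible hunk shows, enforces no minimum length, so client and server disagree on what a valid username is. The attribute is only a browser hint and does not apply to a request sent directly to the endpoint, so the server rule is the one that counts; either validate with `ASCIIUsernameValidator` plus an explicit length check in the view, or relax the pattern and `title` to match the server. The leading `^` and trailing `$` are redundant, since `pattern` is always matched against the whole value.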