From f2a1963f4d4ba02dfb174b7b6c435aed465498cf Mon Sep 17 00:00:00 2001
From: zhengxie
Date: Tue, 15 Apr 2014 13:37:36 +0800
Subject: [PATCH] Add email checking in api and remove single quote support in email address
---
 seahub/api2/serializers.py | 5 +++++
 seahub/auth/forms.py | 10 ++++++++--
 seahub/base/accounts.py | 6 +++++-
 seahub/utils/__init__.py | 12 ++++++++++--
 4 files changed, 28 insertions(+), 5 deletions(-)
diff --git a/seahub/api2/serializers.py b/seahub/api2/serializers.py
index 5f2bf26d4e..7e9bb5763e 100644
--- a/seahub/api2/serializers.py
+++ b/seahub/api2/serializers.py
@@ -1,6 +1,7 @@
 from rest_framework import serializers
 from seahub.auth import authenticate
+from seahub.utils import is_valid_username
 class AuthTokenSerializer(serializers.Serializer):
 username = serializers.CharField()
@@ -10,6 +11,10 @@ class AuthTokenSerializer(serializers.Serializer):
 username = attrs.get('username')
 password = attrs.get('password')
+ if username:
+ if not is_valid_username(username):
+ raise serializers.ValidationError('username is not valid.')
+
 if username and password:
 user = authenticate(username=username, password=password)
diff --git a/seahub/auth/forms.py b/seahub/auth/forms.py
index 17956f5dff..54d7dd44a6 100644
--- a/seahub/auth/forms.py
+++ b/seahub/auth/forms.py
@@ -7,7 +7,7 @@ from django.utils.http import int_to_base36
 from seahub.base.accounts import User
 from seahub.auth import authenticate
 from seahub.auth.tokens import default_token_generator
-from seahub.utils import IS_EMAIL_CONFIGURED
+from seahub.utils import IS_EMAIL_CONFIGURED, is_valid_username
 from captcha.fields import CaptchaField
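Review bot: In the second hunk of seahub/api2/serializers.py the new format check is written as two nested conditions, `if username:` then `if not is_valid_username(username):`, which read more directly as one guard, `if username and not is_valid_username(username):`. A short comment above it, for example `# Reject malformed usernames before they reach authenticate()`, would record why the check is placed ahead of the credential lookup. The enclosing method starts and ends outside the hunk, so how an empty username is reported is not visible here.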
@@ -16,7 +16,7 @@ class AuthenticationForm(forms.Form):
 Base class for authenticating users. Extend this to get a form that accepts username/password logins.
 """
- username = forms.EmailField(label=_("Username"), max_length=255)
+ username = forms.CharField(label=_("Username"), max_length=255)
 password = forms.CharField(label=_("Password"), widget=forms.PasswordInput)
 def __init__(self, request=None, *args, **kwargs):
@@ -30,6 +30,12 @@ class AuthenticationForm(forms.Form):
 self.user_cache = None
 super(AuthenticationForm, self).__init__(*args, **kwargs)
+ def clean_username(self):
+ username = self.cleaned_data['username']
+ if not is_valid_username(username):
+ raise forms.ValidationError(_("Enter a valid email address."))
+ return self.cleaned_data['username']
+
 def clean(self):
 username = self.cleaned_data.get('username')
 password = self.cleaned_data.get('password')
diff --git a/seahub/base/accounts.py b/seahub/base/accounts.py
index 6e58b3ffc9..358811310d 100644
--- a/seahub/base/accounts.py
+++ b/seahub/base/accounts.py
@@ -13,6 +13,7 @@ from registration import signals
 from seaserv import ccnet_threaded_rpc, unset_repo_passwd, is_passwd_set
 from seahub.profile.models import Profile, DetailedProfile
+from seahub.utils import is_valid_username
 UNUSABLE_PASSWORD = '!' # This will never be a valid hash
@@ -386,7 +387,7 @@ class RegistrationForm(forms.Form):
 """
 attrs_dict = { 'class': 'required' }
- email = forms.EmailField(widget=forms.TextInput(attrs=dict(attrs_dict,
+ email = forms.CharField(widget=forms.TextInput(attrs=dict(attrs_dict,
 maxlength=75)), label=_("Email address"))
 userid = forms.RegexField(regex=r'^\w+$',
@@ -403,6 +404,9 @@ class RegistrationForm(forms.Form):
 def clean_email(self):
 email = self.cleaned_data['email']
+ if not is_valid_username(email):
+ raise forms.ValidationError(_("Enter a valid email address."))
+
 emailuser = ccnet_threaded_rpc.get_emailuser(email)
 if not emailuser:
 return self.cleaned_data['email']
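Review bot: Replacing `forms.EmailField` with `forms.CharField` on `AuthenticationForm.username` (and on `RegistrationForm.email` in seahub/base/accounts.py) drops whatever normalisation the field class applied, so the submitted value now reaches `is_valid_username` unchanged. In the Django releases of this period `EmailField`, as far as I recall, stripped surrounding whitespace before validating, so an address pasted with a trailing space would now be rejected by the anchored pattern instead of being accepted. If that is not intended, strip in the clean method, `username = self.cleaned_data['username'].strip()`, and return the stripped value. Both field definitions sit in class bodies that extend beyond their hunks.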
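Review bot: `clean_username` in seahub/auth/forms.py and the block added to `RegistrationForm.clean_email` in seahub/base/accounts.py repeat the same check and the same message, so a single validator callable attached to both fields through the `validators=` argument would keep the two forms from drifting apart. Within `clean_username` the local `username` is already bound, so the last line can be `return username` rather than reading `self.cleaned_data['username']` a second time. A one-line docstring such as `"""Reject usernames that are not well-formed email addresses."""` would state what the method enforces.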
diff --git a/seahub/utils/__init__.py b/seahub/utils/__init__.py
index 0547e344b0..9fe1e251ea 100644
--- a/seahub/utils/__init__.py
+++ b/seahub/utils/__init__.py
@@ -13,7 +13,6 @@ from urlparse import urlparse
 import ccnet
-from django.core.validators import email_re
 from django.core.urlresolvers import reverse
 from django.contrib.sites.models import RequestSite
 from django.db import IntegrityError
@@ -207,6 +206,15 @@ def normalize_file_path(path):
 """
 return path.rstrip('/')
+# modified from django1.5:/core/validators, and remove the support for single
+# quote in email address
+email_re = re.compile(
+ r"(^[-!#$%&*+/=?^_`{}|~0-9A-Z]+(\.[-!#$%&*+/=?^_`{}|~0-9A-Z]+)*" # dot-atom
+ # quoted-string, see also http://tools.ietf.org/html/rfc2822#section-3.2.5
+ r'|^"([\001-\010\013\014\016-\037!#-\[\]-\177]|\\[\001-\011\013\014\016-\177])*"'
+ r')@((?:[A-Z0-9](?:[A-Z0-9-]{0,61}[A-Z0-9])?\.)+(?:[A-Z]{2,6}\.?|[A-Z0-9-]{2,}\.?)$)' # domain
+ r'|\[(25[0-5]|2[0-4]\d|[0-1]?\d?\d)(\.(25[0-5]|2[0-4]\d|[0-1]?\d?\d)){3}\]$', re.IGNORECASE) # literal form, ipv4 address (SMTP 4.1.3)
+
 def is_valid_email(email):
 """A heavy email format validation.
 """
@@ -216,7 +224,7 @@ def is_valid_username(username):
 """Check whether username is valid, currently only email can be a username.
 """
 return is_valid_email(username)
-
+
 def check_filename_with_rename(repo_id, parent_dir, filename):
 cmmts = get_commits(repo_id, 0, 1)
 latest_commit = cmmts[0] if cmmts else None
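Review bot: The quoted-string alternative of the new `email_re` still accepts a single quote, so the commit's stated goal is met only for the dot-atom form: the range `#-\[` in the first character class covers 0x23–0x5B, which includes `'` (0x27), and the escaped-pair class `\\[\001-\011\013\014\016-\177]` admits it too. Splitting both ranges around 0x27 closes the gap: `[\001-\010\013\014\016-\037!#-&(-\[\]-\177]` and `\\[\001-\011\013\014\016-&(-\177]`. Two further points depend on how `is_valid_email` applies the pattern, and its body is outside the hunk: `$` also matches just before a trailing newline where `\Z` does not, and the IPv4-literal alternative at the end sits outside the `(^…)@` group, so it is not tied to a local part. If the quote is being excluded to protect a query built further down, this filter should be treated as a backstop and the query itself parameterised.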