Merge branch '622-add-preference-for-disallowed-usernames' into 'master'

AlekSIS-Core 4.0: Resolve "Add preference for disallowed usernames" Closes #622 See merge request !1239

Merge branch '622-add-preference-for-disallowed-usernames' into 'master'
c41b75bf · Jonathan Weth · db3f2c2f · 71991917 · c41b75bf · c41b75bf
Commit c41b75bf authored 1 year ago by Jonathan Weth
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -37,6 +37,7 @@ Added
 * Management of personal calendar events.
 * [Dev] Support running of data checks before/after migrations.
 * Views can request to span the entire screen width.
+* Add option to disallow reserved usernames.

 Changed
 ~~~~~~~

--- a/aleksis/core/data_checks.py
+++ b/aleksis/core/data_checks.py
@@ -384,6 +384,25 @@ def field_validation_data_check_factory(app_name: str, model_name: str, field_na
    return FieldValidationDataCheck


+class DisallowedUIDDataCheck(DataCheck):
+    name = "disallowed_uid"
+    verbose_name = _("Ensure that there are no disallowed usernames.")
+    problem_name = _("A user with a disallowed username was reported automatically.")
+    solve_options = {
+        IgnoreSolveOption.name: IgnoreSolveOption,
+    }
+
+    @classmethod
+    def check_data(cls):
+        from django.contrib.auth.models import User
+
+        disallowed_uids = get_site_preferences()["auth__disallowed_uids"].split(",")
+
+        for user in User.objects.filter(username__in=disallowed_uids):
+            logging.info(f"Check User {user}")
+            cls.register_result(user)
+
+
 field_validation_data_check_factory("core", "CustomMenuItem", "icon")



--- a/aleksis/core/preferences.py
+++ b/aleksis/core/preferences.py
@@ -10,6 +10,7 @@ from dynamic_preferences.types import (
    ChoicePreference,
    FilePreference,
    IntegerPreference,
+    LongStringPreference,
    ModelMultipleChoicePreference,
    MultipleChoicePreference,
    StringPreference,
@@ -529,3 +530,17 @@ class ActivatedCalendars(MultipleChoicePreference):

    field_attribute = {"initial": []}
    choices = [(feed.name, feed.verbose_name) for feed in CalendarEventMixin.valid_feeds]
+
+
+@site_preferences_registry.register
+class DisallowedUids(LongStringPreference):
+    section = auth
+    name = "disallowed_uids"
+    default = (
+        "bin,daemon,Debian-exim,freerad,games,gnats,irc,list,lp,mail,man,messagebus,news,"
+        "nslcd,ntp,openldap,postfix,postgres,proxy,root,sshd,sssd,statd,sync,sys,systemd-bus-proxy,"
+        "systemd-network,systemd-resolve,systemd-timesync,uucp,www-data,"
+        "webmaster,hostmaster,postmaster"
+    )
+    required = False
+    verbose_name = _("Comma-separated list of disallowed usernames")
--- a/aleksis/core/settings.py
+++ b/aleksis/core/settings.py
@@ -1086,3 +1086,7 @@ X_FRAME_OPTIONS = "SAMEORIGIN"
 INSTALLED_APPS.append("django_cleanup.apps.CleanupConfig")

 locals().update(get_app_settings_overrides())
+
+ABSOLUTE_URL_OVERRIDES = {
+    "auth.user": lambda o: f"/admin/auth/user/{o.pk}/change",
+}
--- a/aleksis/core/util/auth_helpers.py
+++ b/aleksis/core/util/auth_helpers.py
@@ -4,8 +4,10 @@ from typing import Any, Optional

 from django.conf import settings
 from django.contrib.auth.validators import ASCIIUsernameValidator
+from django.core.exceptions import ValidationError
 from django.core.validators import RegexValidator
 from django.http import HttpRequest
+from django.utils.translation import gettext_lazy as _

 from allauth.account.adapter import DefaultAccountAdapter
 from allauth.socialaccount.adapter import DefaultSocialAccountAdapter
@@ -148,4 +150,13 @@ def validate_username_preference_regex(value: str):
    return RegexValidator(regex)(value)


-custom_username_validators = [validate_username_preference_regex, ASCIIUsernameValidator()]
+def validate_username_preference_disallowed_uid(value: str):
+    if value in get_site_preferences()["auth__disallowed_uids"].split(","):
+        raise ValidationError(_("This username is not allowed."))
+
+
+custom_username_validators = [
+    validate_username_preference_regex,
+    ASCIIUsernameValidator(),
+    validate_username_preference_disallowed_uid,
+]