From 874d7360c1441d20dc1927576fd3a41aa88d3ec2 Mon Sep 17 00:00:00 2001
From: Waheed Ahmed <waheed.ahmed@arbisoft.com>
Date: Fri, 21 Feb 2014 19:00:52 +0500
Subject: [PATCH] Added validation for username and email max length. LMS-1479

---
 .../student/tests/test_long_username_email.py | 53 +++++++++++++++++++
 .../student/tests/test_password_policy.py     |  7 ++-
 common/djangoapps/student/views.py            | 13 +++++
 .../tests/test_registration_extra_vars.py     | 10 ++--
 4 files changed, 73 insertions(+), 10 deletions(-)
 create mode 100644 common/djangoapps/student/tests/test_long_username_email.py

diff --git a/common/djangoapps/student/tests/test_long_username_email.py b/common/djangoapps/student/tests/test_long_username_email.py
new file mode 100644
index 0000000000..6c4274a3f2
--- /dev/null
+++ b/common/djangoapps/student/tests/test_long_username_email.py
@@ -0,0 +1,53 @@
+# -*- coding: utf-8 -*-
+
+import json
+from django.test import TestCase
+from django.core.urlresolvers import reverse
+
+
+class TestLongUsernameEmail(TestCase):
+
+    def setUp(self):
+        self.url = reverse('create_account')
+        self.url_params = {
+            'username': 'username',
+            'email': 'foo_bar' + '@bar.com',
+            'name': 'foo bar',
+            'password': '123',
+            'terms_of_service': 'true',
+            'honor_code': 'true',
+        }
+
+    def test_long_username(self):
+        """
+        Test username cannot be more than 30 characters long.
+        """
+
+        self.url_params['username'] = 'username' * 4
+        response = self.client.post(self.url, self.url_params)
+
+        # Status code should be 400.
+        self.assertEqual(response.status_code, 400)
+
+        obj = json.loads(response.content)
+        self.assertEqual(
+            obj['value'],
+            "Username cannot be more than 30 characters long",
+        )
+
+    def test_long_email(self):
+        """
+        Test email cannot be more than 75 characters long.
+        """
+
+        self.url_params['email'] = '{0}@bar.com'.format('foo_bar' * 15)
+        response = self.client.post(self.url, self.url_params)
+
+        # Status code should be 400.
+        self.assertEqual(response.status_code, 400)
+
+        obj = json.loads(response.content)
+        self.assertEqual(
+            obj['value'],
+            "Email cannot be more than 75 characters long",
+        )
diff --git a/common/djangoapps/student/tests/test_password_policy.py b/common/djangoapps/student/tests/test_password_policy.py
index eaf296f7c2..647288ad0f 100644
--- a/common/djangoapps/student/tests/test_password_policy.py
+++ b/common/djangoapps/student/tests/test_password_policy.py
@@ -3,8 +3,6 @@
 This test file will verify proper password policy enforcement, which is an option feature
 """
 import json
-import uuid
-
 from django.test import TestCase
 from django.core.urlresolvers import reverse
 from mock import patch
@@ -19,9 +17,10 @@ class TestPasswordPolicy(TestCase):
     def setUp(self):
         super(TestPasswordPolicy, self).setUp()
         self.url = reverse('create_account')
+
         self.url_params = {
-            'username': 'foo_bar' + uuid.uuid4().hex,
-            'email': 'foo' + uuid.uuid4().hex + '@bar.com',
+            'username': 'username',
+            'email': 'foo_bar@bar.com',
             'name': 'username',
             'terms_of_service': 'true',
             'honor_code': 'true',
diff --git a/common/djangoapps/student/views.py b/common/djangoapps/student/views.py
index 29d4ee06df..01bdd64509 100644
--- a/common/djangoapps/student/views.py
+++ b/common/djangoapps/student/views.py
@@ -1080,6 +1080,19 @@ def create_account(request, post_override=None):
             js['field'] = field_name
             return JsonResponse(js, status=400)
 
+        max_length = 75
+        if field_name == 'username':
+            max_length = 30
+
+        if field_name in ('email', 'username') and len(post_vars[field_name]) > max_length:
+            error_str = {
+                'username': _('Username cannot be more than {0} characters long').format(max_length),
+                'email': _('Email cannot be more than {0} characters long').format(max_length)
+            }
+            js['value'] = error_str[field_name]
+            js['field'] = field_name
+            return JsonResponse(js, status=400)
+
     try:
         validate_email(post_vars['email'])
     except ValidationError:
diff --git a/lms/djangoapps/courseware/tests/test_registration_extra_vars.py b/lms/djangoapps/courseware/tests/test_registration_extra_vars.py
index af8c8361a5..5ebb559755 100644
--- a/lms/djangoapps/courseware/tests/test_registration_extra_vars.py
+++ b/lms/djangoapps/courseware/tests/test_registration_extra_vars.py
@@ -3,8 +3,6 @@
 Tests for extra registration variables
 """
 import json
-import uuid
-
 from django.conf import settings
 from django.test import TestCase
 from django.core.urlresolvers import reverse
@@ -18,11 +16,11 @@ class TestExtraRegistrationVariables(TestCase):
     def setUp(self):
         super(TestExtraRegistrationVariables, self).setUp()
         self.url = reverse('create_account')
-        username = 'foo_bar' + uuid.uuid4().hex
+
         self.url_params = {
-            'username': username,
-            'name': username,
-            'email': 'foo' + uuid.uuid4().hex + '@bar.com',
+            'username': 'username',
+            'name': 'name',
+            'email': 'foo_bar@bar.com',
             'password': 'password',
             'terms_of_service': 'true',
             'honor_code': 'true',