From d36304dc257e5ca241b452292a53c93103e1a979 Mon Sep 17 00:00:00 2001 From: Harry Rein Date: Tue, 5 Sep 2017 10:16:59 -0400 Subject: [PATCH] Allow social usernames to contain periods. LEARNER-2453 --- .../core/djangoapps/user_api/accounts/tests/test_utils.py | 1 + openedx/core/djangoapps/user_api/accounts/utils.py | 5 +++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/openedx/core/djangoapps/user_api/accounts/tests/test_utils.py b/openedx/core/djangoapps/user_api/accounts/tests/test_utils.py index 0b4428d2d9..da1a7bf017 100644 --- a/openedx/core/djangoapps/user_api/accounts/tests/test_utils.py +++ b/openedx/core/djangoapps/user_api/accounts/tests/test_utils.py @@ -35,6 +35,7 @@ class UserAccountSettingsTest(TestCase): ('twitter', 'https://www.twitter.com/edX/123s', None, False), ('twitter', 'twitter.com/edX', 'https://www.twitter.com/edX', True), ('twitter', 'twitter.com/edX?foo=bar', 'https://www.twitter.com/edX', True), + ('twitter', 'twitter.com/test.user', 'https://www.twitter.com/test.user', True), ('linkedin', 'www.linkedin.com/harryrein', None, False), ('linkedin', 'www.linkedin.com/in/harryrein-1234', 'https://www.linkedin.com/in/harryrein-1234', True), ('linkedin', 'www.evilwebsite.com/123?www.linkedin.com/edX', None, False), diff --git a/openedx/core/djangoapps/user_api/accounts/utils.py b/openedx/core/djangoapps/user_api/accounts/utils.py index 9097c19f0c..c69f90ed9f 100644 --- a/openedx/core/djangoapps/user_api/accounts/utils.py +++ b/openedx/core/djangoapps/user_api/accounts/utils.py @@ -85,6 +85,7 @@ def _get_username_from_social_link(platform_name, new_social_link): def _is_valid_social_username(value): """ Given a particular string, returns whether the string can be considered a safe username. - A safe username contains only hyphens, underscores or other alphanumerical characters. + This is a very liberal validation step, simply assuring forward slashes do not exist + in the username. """ - return bool(re.match('^[a-zA-Z0-9_-]*$', value)) + return '/' not in value