Fixed #5786: relaxed the validation for usernames to allow more common characters '@', etc.

This is really just a stop-gap until we come up with a improved way of handling
disparate auth data, but it should help us stretch a bit more milage out of the
current system.

Thanks to alextreme, lbruno, and clayg.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@12634 bcc190cf-cafb-0310-a4f2-bffc1f526a37

django/contrib/auth/forms.py

@@ -11,9 +11,9 @@ class UserCreationForm(forms.ModelForm):
     """
     A form that creates a user, with no privileges, from the given username and password.
     """
-    username = forms.RegexField(label=_("Username"), max_length=30, regex=r'^\w+$',
+    username = forms.RegexField(label=_("Username"), max_length=30, regex=r'^[\w.@+-]+$',
-        help_text = _("Required. 30 characters or fewer. Alphanumeric characters only (letters, digits and underscores)."),
+        help_text = _("Required. 30 characters or fewer. Letters, digits and @/./+/-/_ only."),
-        error_message = _("This value must contain only letters, numbers and underscores."))
+        error_message = _("This value may contain only letters, numbers and @/./+/-/_ characters."))
     password1 = forms.CharField(label=_("Password"), widget=forms.PasswordInput)
     password2 = forms.CharField(label=_("Password confirmation"), widget=forms.PasswordInput,
         help_text = _("Enter the same password as above, for verification."))
@@ -45,9 +45,9 @@ class UserCreationForm(forms.ModelForm):
         return user
 
 class UserChangeForm(forms.ModelForm):
-    username = forms.RegexField(label=_("Username"), max_length=30, regex=r'^\w+$',
+    username = forms.RegexField(label=_("Username"), max_length=30, regex=r'^[\w.@+-]+$',
-        help_text = _("Required. 30 characters or fewer. Alphanumeric characters only (letters, digits and underscores)."),
+        help_text = _("Required. 30 characters or fewer. Letters, digits and @/./+/-/_ only."),
-        error_message = _("This value must contain only letters, numbers and underscores."))
+        error_message = _("This value may contain only letters, numbers and @/./+/-/_ characters."))
     
     class Meta:
         model = User

django/contrib/auth/models.py

@@ -177,7 +177,7 @@ class User(models.Model):
 
     Username and password are required. Other fields are optional.
     """
-    username = models.CharField(_('username'), max_length=30, unique=True, help_text=_("Required. 30 characters or fewer. Alphanumeric characters only (letters, digits and underscores)."))
+    username = models.CharField(_('username'), max_length=30, unique=True, help_text=_("Required. 30 characters or fewer. Letters, numbers and @/./+/-/_ characters"))
     first_name = models.CharField(_('first name'), max_length=30, blank=True)
     last_name = models.CharField(_('last name'), max_length=30, blank=True)
     email = models.EmailField(_('e-mail address'), blank=True)

django/contrib/auth/tests/forms.py

@@ -21,7 +21,7 @@ False
 # The username contains invalid data.
 
 >>> data = {
-...     'username': 'jsmith@example.com',
+...     'username': 'jsmith!',
 ...     'password1': 'test123',
 ...     'password2': 'test123',
 ... }
@@ -29,7 +29,7 @@ False
 >>> form.is_valid()
 False
 >>> form["username"].errors
-[u'This value must contain only letters, numbers and underscores.']
+[u'This value may contain only letters, numbers and @/./+/-/_ characters.']
 
 # The verification password is incorrect.
 
@@ -65,7 +65,7 @@ False
 # The success case.
 
 >>> data = {
-...     'username': 'jsmith2',
+...     'username': 'jsmith2@example.com',
 ...     'password1': 'test123',
 ...     'password2': 'test123',
 ... }
@@ -73,7 +73,7 @@ False
 >>> form.is_valid()
 True
 >>> form.save()
-<User: jsmith2>
+<User: jsmith2@example.com>
 
 # The user submits an invalid username.
 
@@ -189,7 +189,7 @@ True
 >>> form.is_valid()
 False
 >>> form['username'].errors
-[u'This value must contain only letters, numbers and underscores.']
+[u'This value may contain only letters, numbers and @/./+/-/_ characters.']
 
 
 ### PasswordResetForm

docs/releases/1.2.txt

@@ -742,3 +742,10 @@ views in your :ref:`URLconf <topics-http-urls>`. This means that you can
 maintain complete control over the URL structure of your feeds. Like any other view, feeds views are passed a ``request`` object, so you can
 do anything you would normally do with a view, like user based access control,
 or making a feed a named URL.
+
+Relaxed requirements for usernames
+----------------------------------
+
+The built-in :class:`~django.contrib.auth.models.User` model's
+:attr:`~django.contrib.auth.models.User.username` field now allows a wider range
+of characters, including ``@``, ``+``, ``.`` and ``-`` characters.

docs/topics/auth.txt

@@ -71,6 +71,9 @@ Fields
 
         Required. 30 characters or fewer. Alphanumeric characters only
         (letters, digits and underscores).
+        
+        .. versionchanged:: 1.2
+           Usernames may now contain ``@``, ``+``, ``.`` and ``-`` characters.
 
     .. attribute:: models.User.first_name