From 78d13fb1c226b7f2d28ebbda7b91c86e8559512d Mon Sep 17 00:00:00 2001
From: Jacob Kaplan-Moss <jacob@jacobian.org>
Date: Mon, 25 Aug 2008 17:10:20 +0000
Subject: [PATCH] Fixed #8379: the admin user change form now properly
 validates the username. Thanks, kratorius.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@8544 bcc190cf-cafb-0310-a4f2-bffc1f526a37
---
 django/contrib/auth/admin.py       | 3 ++-
 django/contrib/auth/forms.py       | 8 ++++++++
 django/contrib/auth/tests/forms.py | 9 +++++++++
 3 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/django/contrib/auth/admin.py b/django/contrib/auth/admin.py
index 873d29f02d..dfd7f37fac 100644
--- a/django/contrib/auth/admin.py
+++ b/django/contrib/auth/admin.py
@@ -7,7 +7,7 @@ from django.template import RequestContext
 from django.utils.html import escape
 from django.http import HttpResponseRedirect
 from django.utils.translation import ugettext, ugettext_lazy as _
-from django.contrib.auth.forms import UserCreationForm, AdminPasswordChangeForm
+from django.contrib.auth.forms import UserCreationForm, UserChangeForm, AdminPasswordChangeForm
 from django.contrib import admin
 
 class GroupAdmin(admin.ModelAdmin):
@@ -23,6 +23,7 @@ class UserAdmin(admin.ModelAdmin):
         (_('Important dates'), {'fields': ('last_login', 'date_joined')}),
         (_('Groups'), {'fields': ('groups',)}),
     )
+    form = UserChangeForm
     add_form = UserCreationForm
     change_password_form = AdminPasswordChangeForm
     list_display = ('username', 'email', 'first_name', 'last_name', 'is_staff')
diff --git a/django/contrib/auth/forms.py b/django/contrib/auth/forms.py
index 8df749c403..3f7b13d35a 100644
--- a/django/contrib/auth/forms.py
+++ b/django/contrib/auth/forms.py
@@ -43,6 +43,14 @@ class UserCreationForm(forms.ModelForm):
             user.save()
         return user
 
+class UserChangeForm(forms.ModelForm):
+    username = forms.RegexField(label=_("Username"), max_length=30, regex=r'^\w+$',
+        help_text = _("Required. 30 characters or fewer. Alphanumeric characters only (letters, digits and underscores)."),
+        error_message = _("This value must contain only letters, numbers and underscores."))
+    
+    class Meta:
+        model = User
+
 class AuthenticationForm(forms.Form):
     """
     Base class for authenticating users. Extend this to get a form that accepts
diff --git a/django/contrib/auth/tests/forms.py b/django/contrib/auth/tests/forms.py
index 797f6bdb3e..714cd4570d 100644
--- a/django/contrib/auth/tests/forms.py
+++ b/django/contrib/auth/tests/forms.py
@@ -181,4 +181,13 @@ True
 >>> PasswordChangeForm(user, {}).fields.keys()
 ['old_password', 'new_password1', 'new_password2']
 
+### UserChangeForm
+
+>>> from django.contrib.auth.forms import UserChangeForm
+>>> data = {'username': 'not valid'}
+>>> form = UserChangeForm(data, instance=user)
+>>> form.is_valid()
+False
+>>> form['username'].errors
+[u'This value must contain only letters, numbers and underscores.']
 """