Only trim username whitespace if context specifies

I didn't like that the previous change made it possible to *always* have leading/trailing whitespace around a username. For example, it made it so that you could go to "/user/ Deimos" and still see my user page because of the leading space being trimmed. This makes it so that you have to manually set a flag in the UserSchema context to enable the trimming, and then only does that on the login view.
6 years ago · 0c43b068fa
2 changed files with 13 additions and 4 deletions
--- a/tildes/tildes/schemas/user.py
+++ b/tildes/tildes/schemas/user.py
@ -93,12 +93,17 @@ class UserSchema(Schema):
            raise ValidationError("That password exists in a data breach (see sidebar)")

    @pre_load
-    def prepare_username(self, data: dict) -> dict:
-        """Prepare the username value before it's validated."""
+    def username_trim_whitespace(self, data: dict) -> dict:
+        """Trim leading/trailing whitespace around the username.
+
+        Requires username_trim_whitespace be True in the schema's context.
+        """
+        if not self.context.get("username_trim_whitespace"):
+            return data
+
        if "username" not in data:
            return data

-        # strip any leading/trailing whitespace
        data["username"] = data["username"].strip()

        return data
--- a/tildes/tildes/views/login.py
+++ b/tildes/tildes/views/login.py
@ -49,7 +49,11 @@ def finish_login(request: Request, user: User) -> None:
@view_config(
    route_name="login", request_method="POST", permission=NO_PERMISSION_REQUIRED
 )
-@use_kwargs(UserSchema(only=("username", "password"), strict=True))
+@use_kwargs(
+    UserSchema(
+        only=("username", "password"), context={"username_trim_whitespace": True}
+    )
+)
@not_logged_in
@rate_limit_view("login")
 def post_login(request: Request, username: str, password: str) -> HTTPFound: