ietf-tools · jennifer-richards · Feb 29, 2024 · Feb 29, 2024 · Feb 29, 2024 · Mar 1, 2024
diff --git a/ietf/ietfauth/forms.py b/ietf/ietfauth/forms.py
@@ -10,6 +10,7 @@
 from django.core.exceptions import ValidationError
 from django.db import models
 from django.contrib.auth.models import User
+from django.contrib.auth.validators import ASCIIUsernameValidator
 
 import debug                            # pyflakes:ignore
 
@@ -20,8 +21,21 @@
 from .widgets import PasswordStrengthInput, PasswordConfirmationInput
 
 
+validate_username_email = ASCIIUsernameValidator(
+    message=(
+        "This value may contain only unaccented lowercase a-z "
+        "and uppercase A-Z letters, numbers, and @/./+/-/_ characters."
+    )
+)
+
+
+class UsernameEmailField(forms.EmailField):
+    """Email that is suitable for a username"""
+    default_validators = forms.EmailField.default_validators + [validate_username_email]
+
+
 class RegistrationForm(forms.Form):
-    email = forms.EmailField(label="Your email (lowercase)")
+    email = UsernameEmailField(label="Your email (lowercase)")
 
     def clean_email(self):
         email = self.cleaned_data.get('email', '')
@@ -230,10 +244,19 @@ def __init__(self, user, *args, **kwargs):
         assert isinstance(user, User)
         super(ChangeUsernameForm, self).__init__(*args, **kwargs)
         self.user = user
-        emails = user.person.email_set.filter(active=True)
-        choices = [ (email.address, email.address) for email in emails ]
+        choices = [(email.address, email.address) for email in self._allowed_emails(user)]
         self.fields['username'] = forms.ChoiceField(choices=choices)
 
+    @staticmethod
+    def _allowed_emails(user):
+        for email in user.person.email_set.filter(active=True):
+            try:
+                validate_username_email(email.address)
+            except ValidationError:
+                pass
+            else:
+                yield email
+
     def clean_password(self):
         password = self.cleaned_data['password']
         if not self.user.check_password(password):

diff --git a/ietf/templates/registration/change_username.html b/ietf/templates/registration/change_username.html
@@ -13,6 +13,9 @@ <h1>Change username</h1>
         email address, then please first
         <a href="{% url 'ietf.ietfauth.views.profile' %}">edit your profile</a>
         to add that email address to the active email addresses for your account.
+        Usernames are restricted to alphanumeric characters and the characters
+        "@", ".", "+", "-", and "_". Email addresses with other characters may
+        not be chosen as a username. 
     </div>
     <form method="post" class="my-3">
         {% csrf_token %}

diff --git a/ietf/templates/registration/create.html b/ietf/templates/registration/create.html
@@ -33,7 +33,9 @@ <h1>Account creation</h1>
             </div>
         </div>
         <p class="my-3">
-            Otherwise, please enter your email address in order to create your datatracker account.
+            Otherwise, please enter your email address in order to create your datatracker account. This email
+            address will be used as your datatracker username and must consist only of alphanumeric characters
+            and the symbols "@", ".", "+", "-", and "_".
         </p>
         <form method="post">
             {% csrf_token %}