From 87863b3baf942d28f0096a0f3a81f9a646624425 Mon Sep 17 00:00:00 2001
From: Tanner Collin
Date: Thu, 10 Feb 2022 00:30:16 +0000
Subject: [PATCH] Add checks to username on login
---
 apiserver/apiserver/api/serializers.py | 21 +++++++++++++++++++++
 apiserver/apiserver/api/views.py | 3 +++
 apiserver/apiserver/urls.py | 2 +-
 3 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/apiserver/apiserver/api/serializers.py b/apiserver/apiserver/api/serializers.py
index 31793bc..5282da7 100644
--- a/apiserver/apiserver/api/serializers.py
+++ b/apiserver/apiserver/api/serializers.py
@@ -772,3 +772,24 @@ class SpaceportAuthSerializer(LoginSerializer):
 user.member.save()
 return user
+
+class MyLoginSerializer(LoginSerializer):
+ def authenticate(self, **kwargs):
+ username = kwargs.get('username', '')
+
+ if 'your' in username and 'own' in username and 'name' in username:
+ raise ValidationError(dict(username='*server explodes*'))
+
+ if ' ' in username:
+ raise ValidationError(dict(username='Username shouldn\'t have spaces.'))
+
+ if 'first.last' in username:
+ raise ValidationError(dict(username='Don\'t literally try "first.last", use your own name.'))
+
+ if 'first.middle.last' in username:
+ raise ValidationError(dict(username='Don\'t literally try "first.middle.last", use your own name.'))
+
+ if not User.objects.filter(username=username).exists():
+ raise ValidationError(dict(username='Username not found. Try "first.last" or "first.middle.last".'))
+
+ return super().authenticate(**kwargs)
diff --git a/apiserver/apiserver/api/views.py b/apiserver/apiserver/api/views.py
index 153cf07..bae8f06 100644
--- a/apiserver/apiserver/api/views.py
+++ b/apiserver/apiserver/api/views.py
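Review bot: The last check in `MyLoginSerializer.authenticate` answers "Username not found" before any password is verified, so the unauthenticated login endpoint now tells a caller whether a given username exists, and the message also discloses the `first.last` naming scheme. If the friendlier error is intentional, pair it with request throttling on `MyLoginView` (added in the views.py hunk), for example through DRF's `throttle_classes`, or fall back to the same response a wrong password produces. At minimum record the trade-off above the check, e.g. `# NOTE: reveals account existence to unauthenticated callers; relies on login throttling`. The lookup `User.objects.filter(username=username)` is an exact match, which may not agree with how the authentication backend normalises usernames, and `kwargs.get('username', '')` yields `None` rather than `''` when the key is present with a `None` value, which would make the `in` tests raise; both are worth confirming against the parent `LoginSerializer`.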
@@ -855,6 +855,9 @@ class PasswordResetConfirmView(PasswordResetConfirmView):
 class SpaceportAuthView(LoginView):
 serializer_class = serializers.SpaceportAuthSerializer
+class MyLoginView(LoginView):
+ serializer_class = serializers.MyLoginSerializer
+
 @api_view()
 def null_view(request, *args, **kwargs):
diff --git a/apiserver/apiserver/urls.py b/apiserver/apiserver/urls.py
index 9e5ca02..19f9d21 100644
--- a/apiserver/apiserver/urls.py
+++ b/apiserver/apiserver/urls.py
@@ -28,7 +28,7 @@ router.register(r'charts/spaceactivity', views.SpaceActivityViewSet, basename='s
 urlpatterns = [
 path('', include(router.urls)),
- url(r'^rest-auth/login/$', LoginView.as_view(), name='rest_login'),
+ url(r'^rest-auth/login/$', views.MyLoginView.as_view(), name='rest_login'),
 url(r'^spaceport-auth/login/$', views.SpaceportAuthView.as_view(), name='spaceport_auth'),
 url(r'^rest-auth/logout/$', LogoutView.as_view(), name='rest_logout'),
 url(r'^password/reset/$', views.PasswordResetView.as_view(), name='rest_password_reset'),
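Review bot: With `rest-auth/login/` now routed to `views.MyLoginView`, the bare `LoginView` name no longer appears in the visible part of `urlpatterns` in urls.py. Its import sits outside this hunk, so it cannot be checked here, but if nothing else in the file references it the import can be dropped. A short comment on the route, such as `# rest_login pre-checks the username before authenticating (see MyLoginSerializer)`, would also explain why this endpoint differs from `spaceport-auth/login/`, which keeps its own serializer.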