From fd27649deb2e8ceaaad0ea29b8726e9a31219ac4 Mon Sep 17 00:00:00 2001
From: Ihsan Ullah
Date: Fri, 14 Mar 2025 11:42:29 +0500
Subject: [PATCH] do not allow special chars in usernames
---
 src/apps/profiles/forms.py | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/src/apps/profiles/forms.py b/src/apps/profiles/forms.py
index 3adb4d8e3..2a379f07a 100644
--- a/src/apps/profiles/forms.py
+++ b/src/apps/profiles/forms.py
@@ -1,3 +1,4 @@
+import re
 from django import forms
 from django.contrib.auth.forms import UserCreationForm
 from .models import User
@@ -11,12 +12,13 @@ class SignUpForm(UserCreationForm):
 def clean_username(self):
 data = self.cleaned_data["username"]
- if not data.islower():
- raise forms.ValidationError("Usernames should be in lowercase")
- if not data.isalnum():
- raise forms.ValidationError(
- "Usernames should not contain special characters."
- )
+
+ # Check if username has allowed characters only
+ # Allow only lowercase letters, numbers, hyphens, and underscores
+ if not re.match(r"^[a-z0-9_-]+$", data):
+ raise forms.ValidationError("Username can only contain lowercase letters, numbers, hyphens, and underscores.")
+
+ # Check username length
 if (len(data) > 15) or (len(data) < 5):
 raise forms.ValidationError(
 "Username must have at least 5 characters and at most 15 characters"
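Review bot: In `clean_username`, `re.match(r"^[a-z0-9_-]+$", data)` anchors with `$`, which in Python also matches just before a trailing newline, so a value ending in `\n` satisfies the pattern. The form field's whitespace stripping probably hides this today, but the check should not depend on it; use `if not re.fullmatch(r"[a-z0-9_-]+", data):` instead. The new pattern also accepts names the old `islower()`/`isalnum()` pair rejected, such as all-digit (`12345`) or all-punctuation (`-----`, `_____`) usernames; if that is not intended, require a leading letter, e.g. `r"[a-z][a-z0-9_-]*"`. The rest of `clean_username` after the length check lies outside the hunk.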