fix #640

misago/users/models/user.py

@@ -1,8 +1,8 @@
 from hashlib import md5
 
 from django.contrib.auth.models import AnonymousUser as DjangoAnonymousUser
-from django.contrib.auth.models import UserManager as BaseUserManager
 from django.contrib.auth.models import AbstractBaseUser, PermissionsMixin
+from django.contrib.auth.models import UserManager as BaseUserManager
 from django.core.mail import send_mail
 from django.db import IntegrityError, models, transaction
 from django.dispatch import receiver
@@ -75,6 +75,9 @@ class UserManager(BaseUserManager):
     def create_user(self, username, email, password=None, set_default_avatar=False, **extra_fields):
         from ..validators import validate_email, validate_password, validate_username
 
+        email = self.normalize_email(email)
+        username = self.model.normalize_username(username)
+
         with transaction.atomic():
             if not email:
                 raise ValueError(_("User must have an email address."))
@@ -102,10 +105,13 @@ class UserManager(BaseUserManager):
                 new_value = WATCH_DICT[settings.subscribe_reply]
                 extra_fields['subscribe_to_replied_threads'] = new_value
 
+            extra_fields.update({
+                'is_staff': False,
+                'is_superuser': False
+            })
+
             now = timezone.now()
             user = self.model(
-                is_staff=False,
-                is_superuser=False,
                 last_login=now,
                 joined_on=now,
                 **extra_fields
@@ -264,6 +270,10 @@ class User(AbstractBaseUser, PermissionsMixin):
 
     objects = UserManager()
 
+    def clean(self):
+        self.username = self.normalize_username(self.username)
+        self.email = self.__class__.objects.normalize_email(self.email)
+
     def lock(self):
         """Locks user in DB"""
         return User.objects.select_for_update().get(pk=self.pk)
@@ -327,27 +337,6 @@ class User(AbstractBaseUser, PermissionsMixin):
     def has_valid_signature(self):
         return is_user_signature_valid(self)
 
-    @property
-    def staff_level(self):
-        if self.is_superuser:
-            return 2
-        elif self.is_staff:
-            return 1
-        else:
-            return 0
-
-    @staff_level.setter
-    def staff_level(self, new_level):
-        if new_level == 2:
-            self.is_superuser = True
-            self.is_staff = True
-        elif new_level == 1:
-            self.is_superuser = False
-            self.is_staff = True
-        else:
-            self.is_superuser = False
-            self.is_staff = False
-
     def get_absolute_url(self):
         return reverse('misago:user', kwargs={
             'slug': self.slug,
@@ -367,6 +356,7 @@ class User(AbstractBaseUser, PermissionsMixin):
         return self.username
 
     def set_username(self, new_username, changed_by=None):
+        new_username = self.normalize_username(new_username)
         if new_username != self.username:
             old_username = self.username
             self.username = new_username

misago/users/tests/test_useradmin_views.py

@@ -201,7 +201,7 @@ class UserAdminViewsTests(AdminTestCase):
             'rank': six.text_type(test_user.rank_id),
             'roles': six.text_type(test_user.roles.all()[0].pk),
             'email': 'reg@stered.com',
-            'new_password': 'pass123',
+            'new_password': 'newpass123',
             'staff_level': '0',
             'signature': 'Hello world!',
             'is_signature_locked': '1',
@@ -214,9 +214,50 @@ class UserAdminViewsTests(AdminTestCase):
         })
         self.assertEqual(response.status_code, 302)
 
+        updated_user = User.objects.get(pk=test_user.pk)
+        self.assertTrue(updated_user.check_password('newpass123'))
+        self.assertEqual(updated_user.username, 'Bawww')
+        self.assertEqual(updated_user.slug, 'bawww')
+
         User.objects.get_by_username('Bawww')
         User.objects.get_by_email('reg@stered.com')
 
+    def test_edit_dont_change_username(self):
+        """
+        If username wasn't changed, don't touch user's username, slug or history
+
+        This is regression test for issue #640
+        """
+        User = get_user_model()
+        test_user = User.objects.create_user('Bob', 'bob@test.com', 'pass123')
+        test_link = reverse('misago:admin:users:accounts:edit',
+                            kwargs={'pk': test_user.pk})
+
+        response = self.client.get(test_link)
+        self.assertEqual(response.status_code, 200)
+
+        response = self.client.post(test_link, data={
+            'username': 'Bob',
+            'rank': six.text_type(test_user.rank_id),
+            'roles': six.text_type(test_user.roles.all()[0].pk),
+            'email': 'reg@stered.com',
+            'new_password': 'pass123',
+            'signature': 'Hello world!',
+            'is_signature_locked': '1',
+            'is_hiding_presence': '0',
+            'limits_private_thread_invites_to': '0',
+            'signature_lock_staff_message': 'Staff message',
+            'signature_lock_user_message': 'User message',
+            'subscribe_to_started_threads': '2',
+            'subscribe_to_replied_threads': '2',
+        })
+        self.assertEqual(response.status_code, 302)
+
+        updated_user = User.objects.get(pk=test_user.pk)
+        self.assertEqual(updated_user.username, 'Bob')
+        self.assertEqual(updated_user.slug, 'bob')
+        self.assertEqual(updated_user.namechanges.count(), 0)
+
     def test_edit_make_admin(self):
         """edit user view allows super admin to make other user admin"""
         User = get_user_model()