From 2db1f12bfb3badc4ab1420bb9aa2aae91a9ba3e5 Mon Sep 17 00:00:00 2001
From: Ethan Dalool <git@voussoir.net>
Date: Sat, 19 Sep 2020 03:51:55 -0700
Subject: [PATCH] Add constants.USER_ID_CHARACTERS and show that when raising
 invalid.

---
 etiquette/constants.py | 2 ++
 etiquette/objects.py   | 5 ++++-
 etiquette/photodb.py   | 4 ++--
 3 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/etiquette/constants.py b/etiquette/constants.py
index 23ea03a..080e7c3 100644
--- a/etiquette/constants.py
+++ b/etiquette/constants.py
@@ -222,6 +222,8 @@ FILENAME_BADCHARS = '\\/:*?<>|"'
 TRUTHYSTRING_TRUE = {s.lower() for s in ('1', 'true', 't', 'yes', 'y', 'on')}
 TRUTHYSTRING_NONE = {s.lower() for s in ('null', 'none')}
 
+USER_ID_CHARACTERS = string.digits + string.ascii_uppercase
+
 ADDITIONAL_MIMETYPES = {
     '7z': 'archive',
     'gz': 'archive',
diff --git a/etiquette/objects.py b/etiquette/objects.py
index bbee451..1caf1ff 100644
--- a/etiquette/objects.py
+++ b/etiquette/objects.py
@@ -53,12 +53,15 @@ class ObjectBase:
             return None
 
         if not isinstance(author_id, str):
-            raise TypeError(f'Author ID must be string, not {type(author_id)}.')
+            raise TypeError(f'Author ID must be {str}, not {type(author_id)}.')
 
         author_id = author_id.strip()
         if author_id == '':
             return None
 
+        if not all(c in constants.USER_ID_CHARACTERS for c in author_id):
+            raise ValueError(f'Author ID must consist only of {constants.USER_ID_CHARACTERS}.')
+
         return author_id
 
     def get_author(self):
diff --git a/etiquette/photodb.py b/etiquette/photodb.py
index 3dd52c5..1fbca5d 100644
--- a/etiquette/photodb.py
+++ b/etiquette/photodb.py
@@ -1235,9 +1235,9 @@ class PDBUserMixin:
         User IDs are randomized instead of integers like the other objects,
         so they get their own method.
         '''
-        possible = string.digits + string.ascii_uppercase
+        length = self.config['id_length']
         for retry in range(20):
-            user_id = [random.choice(possible) for x in range(self.config['id_length'])]
+            user_id = (random.choice(constants.USER_ID_CHARACTERS) for x in range(length))
             user_id = ''.join(user_id)
 
             user_exists = self.sql_select_one('SELECT 1 FROM users WHERE id == ?', [user_id])