add forbidden usernames

app/routes/users.py

@@ -50,7 +50,7 @@ def sign_up():
 @redirect_if_logged_in()
 def sign_up_post():
     generic_error_page = redirect(url_for('.sign_up', error='The username or password you entered is invalid.'))
-    user_exists_error_page = redirect(url_for('.sign_up', error='This username is already taken. Please pick another.'))
+    invalid_username_error_page = redirect(url_for('.sign_up', error='This username cannot be used. Please pick another.'))
     passwords_error_page = redirect(url_for('.sign_up', error='The passwords do not match.'))
     username = request.form.get('username', default='')
     if not username:
@@ -59,10 +59,13 @@ def sign_up_post():
         return generic_error_page
     if len(request.form.getlist('password')) != 2:
         return passwords_error_page
-    username_pair = parse_username(username)
+    try:
+        username_pair = parse_username(username)
+    except ValueError:
+        return invalid_username_error_page
     potential_user = Users.find({'username': username})
     if potential_user:
-        return user_exists_error_page
+        return invalid_username_error_page
 
     if request.form.getlist('password')[0] != request.form.getlist('password')[1]:
         return passwords_error_page