diff --git a/docs/account/register.md b/docs/account/register.md index f8301ff..cf20657 100644 --- a/docs/account/register.md +++ b/docs/account/register.md @@ -15,6 +15,8 @@ This verification link will time out after 10 minutes. | password | The password used for authentication. | | email | The email address used for validation. | +The username has to alphanumerical. + The password has to meet the following criteria: - minimum length: 12 characters - numbers @@ -39,10 +41,10 @@ __Content - JSON:__ |----------|----------------------------------------------------------------------| | conflict | Can be `username` or `email`, depending on what caused the conflict. | ### 422 - Error: Unprocessable Entity -The email is malformed, or the password does not meet the criteria. +The email or username is malformed, or the password does not meet the criteria. __Content - JSON:__ -| Field | Description | -|---------|---------------------------------------------------------------------| -| problem | Can be `email` or `password`, depending on what caused the problem. | \ No newline at end of file +| Field | Description | +|---------|---------------------------------------------------------------------------------| +| problem | Can be `email`, `username` or `password`, depending on what caused the problem. | diff --git a/src/api/account/calls.rs b/src/api/account/calls.rs index 6049ce2..ab08410 100644 --- a/src/api/account/calls.rs +++ b/src/api/account/calls.rs @@ -16,7 +16,6 @@ async fn register( data::RegisterResponse::Unprocessable(b) => { HttpResponse::UnprocessableEntity().json(web::Json(b)) } - data::RegisterResponse::Blocked => HttpResponse::Forbidden().finish(), }, Err(e) => { error!("While handling register request: {e}"); diff --git a/src/api/account/data.rs b/src/api/account/data.rs index 1f37eb8..60243ed 100644 --- a/src/api/account/data.rs +++ b/src/api/account/data.rs @@ -18,6 +18,7 @@ pub enum RegisterConflict { #[serde(tag = "problem", rename_all = "snake_case")] pub enum RegisterUnprocessable { Email, + Username, Password, } @@ -26,7 +27,6 @@ pub enum RegisterResponse { Success, Conflict(RegisterConflict), Unprocessable(RegisterUnprocessable), - Blocked, } #[derive(Debug, Deserialize)] diff --git a/src/api/account/handlers.rs b/src/api/account/handlers.rs index f84d0e4..05d652c 100644 --- a/src/api/account/handlers.rs +++ b/src/api/account/handlers.rs @@ -13,8 +13,10 @@ pub async fn register( pool: &PgPool, request: data::RegisterRequest, ) -> Result { - if is_sql_injection(&request.username) { - return Ok(data::RegisterResponse::Blocked); + if !request.username.is_alpha() { + return Ok(data::RegisterResponse::Unprocessable( + data::RegisterUnprocessable::Username, + )); } // Check if the username is already taken @@ -106,7 +108,7 @@ pub async fn verify(pool: &PgPool, request: data::VerifyRequest) -> Result