feat: enforcing alphanumerical usernames

This commit is contained in:
antifallobst 2023-10-11 12:32:01 +02:00
parent bc610ef22a
commit ce4fe91f7d
Signed by: antifallobst
GPG Key ID: 2B4F402172791BAF
4 changed files with 12 additions and 9 deletions


@ -15,6 +15,8 @@ This verification link will time out after 10 minutes.
| password | The password used for authentication. | | password | The password used for authentication. |
| email | The email address used for validation. | | email | The email address used for validation. |
The username has to alphanumerical.
The password has to meet the following criteria: The password has to meet the following criteria:
- minimum length: 12 characters - minimum length: 12 characters
- numbers - numbers
@ -39,10 +41,10 @@ __Content - JSON:__
|----------|----------------------------------------------------------------------| |----------|----------------------------------------------------------------------|
| conflict | Can be `username` or `email`, depending on what caused the conflict. | | conflict | Can be `username` or `email`, depending on what caused the conflict. |
### 422 - Error: Unprocessable Entity ### 422 - Error: Unprocessable Entity
The email is malformed, or the password does not meet the criteria. The email or username is malformed, or the password does not meet the criteria.
__Content - JSON:__ __Content - JSON:__
| Field | Description | | Field | Description |
|---------|---------------------------------------------------------------------| |---------|---------------------------------------------------------------------------------|
| problem | Can be `email` or `password`, depending on what caused the problem. | | problem | Can be `email`, `username` or `password`, depending on what caused the problem. |


@ -16,7 +16,6 @@ async fn register(
data::RegisterResponse::Unprocessable(b) => { data::RegisterResponse::Unprocessable(b) => {
HttpResponse::UnprocessableEntity().json(web::Json(b)) HttpResponse::UnprocessableEntity().json(web::Json(b))
} }
data::RegisterResponse::Blocked => HttpResponse::Forbidden().finish(),
}, },
Err(e) => { Err(e) => {
error!("While handling register request: {e}"); error!("While handling register request: {e}");


@ -18,6 +18,7 @@ pub enum RegisterConflict {
#[serde(tag = "problem", rename_all = "snake_case")] #[serde(tag = "problem", rename_all = "snake_case")]
pub enum RegisterUnprocessable { pub enum RegisterUnprocessable {
Email, Email,
Username,
Password, Password,
} }
@ -26,7 +27,6 @@ pub enum RegisterResponse {
Success, Success,
Conflict(RegisterConflict), Conflict(RegisterConflict),
Unprocessable(RegisterUnprocessable), Unprocessable(RegisterUnprocessable),
Blocked,
} }
#[derive(Debug, Deserialize)] #[derive(Debug, Deserialize)]
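Review bot: The new `Username` variant of `RegisterUnprocessable` in the first hunk of this section carries no doc comment, although the API doc updated in this commit now tells clients to expect it. Because the enum is serialized with `#[serde(tag = "problem", rename_all = "snake_case")]`, this variant is the wire value `username`, and a one-line comment tying the Rust name to the documented rule avoids the two drifting apart: `/// Username is not alphanumeric; serialized as problem = "username".` The same applies to the existing `Email` and `Password` variants, which are equally undocumented.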


@ -13,8 +13,10 @@ pub async fn register(
pool: &PgPool, pool: &PgPool,
request: data::RegisterRequest, request: data::RegisterRequest,
) -> Result<data::RegisterResponse> { ) -> Result<data::RegisterResponse> {
if is_sql_injection(&request.username) { if !request.username.is_alpha() {
return Ok(data::RegisterResponse::Blocked); return Ok(data::RegisterResponse::Unprocessable(
data::RegisterUnprocessable::Username,
));
} }
// Check if the username is already taken // Check if the username is already taken
@ -106,7 +108,7 @@ pub async fn verify(pool: &PgPool, request: data::VerifyRequest) -> Result<data:
let auth_token = AuthToken::new(pool, &token.account, chrono::Duration::days(7)).await?; let auth_token = AuthToken::new(pool, &token.account, chrono::Duration::days(7)).await?;
Ok(data::VerifyResponse::Success(data::VerifySuccess { Ok(data::VerifyResponse::Success(data::VerifySuccess {
token: auth_token.token token: auth_token.token,
})) }))
} }
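Review bot: The new guard in the first hunk of this section calls `request.username.is_alpha()` while the commit title and the updated docs promise alphanumeric usernames; if that helper checks letters only, any username containing a digit is now rejected as `Unprocessable`, and if it accepts digits its name misleads. `is_alpha` is not a std method on `String`, so it presumably comes from a project trait or crate — confirm its exact character set and Unicode handling, and consider making the allowlist explicit inline: `if request.username.is_empty() || !request.username.chars().all(|c| c.is_ascii_alphanumeric()) {`. Note that `chars().all(..)` is vacuously true for an empty string, so an empty username passes a pure allowlist check unless length is validated somewhere not visible in this hunk. Replacing the `is_sql_injection` blocklist with an allowlist is the right direction, but the allowlist should not be what protects the database access — the queries themselves (outside this hunk) should bind the username as a parameter. The `register` function's signature begins before the hunk and its body continues after it.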