feat: enforcing alphanumerical usernames
parent
bc610ef22a
commit
ce4fe91f7d
|
@ -15,6 +15,8 @@ This verification link will time out after 10 minutes.
|
||||||
| password | The password used for authentication. |
|
| password | The password used for authentication. |
|
||||||
| email | The email address used for validation. |
|
| email | The email address used for validation. |
|
||||||
|
|
||||||
|
The username has to alphanumerical.
|
||||||
|
|
||||||
The password has to meet the following criteria:
|
The password has to meet the following criteria:
|
||||||
- minimum length: 12 characters
|
- minimum length: 12 characters
|
||||||
- numbers
|
- numbers
|
||||||
|
@ -39,10 +41,10 @@ __Content - JSON:__
|
||||||
|----------|----------------------------------------------------------------------|
|
|----------|----------------------------------------------------------------------|
|
||||||
| conflict | Can be `username` or `email`, depending on what caused the conflict. |
|
| conflict | Can be `username` or `email`, depending on what caused the conflict. |
|
||||||
### 422 - Error: Unprocessable Entity
|
### 422 - Error: Unprocessable Entity
|
||||||
The email is malformed, or the password does not meet the criteria.
|
The email or username is malformed, or the password does not meet the criteria.
|
||||||
|
|
||||||
__Content - JSON:__
|
__Content - JSON:__
|
||||||
|
|
||||||
| Field | Description |
|
| Field | Description |
|
||||||
|---------|---------------------------------------------------------------------|
|
|---------|---------------------------------------------------------------------------------|
|
||||||
| problem | Can be `email` or `password`, depending on what caused the problem. |
|
| problem | Can be `email`, `username` or `password`, depending on what caused the problem. |
|
||||||
|
|
|
@ -16,7 +16,6 @@ async fn register(
|
||||||
data::RegisterResponse::Unprocessable(b) => {
|
data::RegisterResponse::Unprocessable(b) => {
|
||||||
HttpResponse::UnprocessableEntity().json(web::Json(b))
|
HttpResponse::UnprocessableEntity().json(web::Json(b))
|
||||||
}
|
}
|
||||||
data::RegisterResponse::Blocked => HttpResponse::Forbidden().finish(),
|
|
||||||
},
|
},
|
||||||
Err(e) => {
|
Err(e) => {
|
||||||
error!("While handling register request: {e}");
|
error!("While handling register request: {e}");
|
||||||
|
|
|
@ -18,6 +18,7 @@ pub enum RegisterConflict {
|
||||||
#[serde(tag = "problem", rename_all = "snake_case")]
|
#[serde(tag = "problem", rename_all = "snake_case")]
|
||||||
pub enum RegisterUnprocessable {
|
pub enum RegisterUnprocessable {
|
||||||
Email,
|
Email,
|
||||||
|
Username,
|
||||||
Password,
|
Password,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -26,7 +27,6 @@ pub enum RegisterResponse {
|
||||||
Success,
|
Success,
|
||||||
Conflict(RegisterConflict),
|
Conflict(RegisterConflict),
|
||||||
Unprocessable(RegisterUnprocessable),
|
Unprocessable(RegisterUnprocessable),
|
||||||
Blocked,
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(Debug, Deserialize)]
|
#[derive(Debug, Deserialize)]
|
||||||
|
|
|
@ -13,8 +13,10 @@ pub async fn register(
|
||||||
pool: &PgPool,
|
pool: &PgPool,
|
||||||
request: data::RegisterRequest,
|
request: data::RegisterRequest,
|
||||||
) -> Result<data::RegisterResponse> {
|
) -> Result<data::RegisterResponse> {
|
||||||
if is_sql_injection(&request.username) {
|
if !request.username.is_alpha() {
|
||||||
return Ok(data::RegisterResponse::Blocked);
|
return Ok(data::RegisterResponse::Unprocessable(
|
||||||
|
data::RegisterUnprocessable::Username,
|
||||||
|
));
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check if the username is already taken
|
// Check if the username is already taken
|
||||||
|
@ -106,7 +108,7 @@ pub async fn verify(pool: &PgPool, request: data::VerifyRequest) -> Result<data:
|
||||||
let auth_token = AuthToken::new(pool, &token.account, chrono::Duration::days(7)).await?;
|
let auth_token = AuthToken::new(pool, &token.account, chrono::Duration::days(7)).await?;
|
||||||
|
|
||||||
Ok(data::VerifyResponse::Success(data::VerifySuccess {
|
Ok(data::VerifyResponse::Success(data::VerifySuccess {
|
||||||
token: auth_token.token
|
token: auth_token.token,
|
||||||
}))
|
}))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
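Review bot: `if !request.username.is_alpha() {` in `register` is now the only gate on the username, and the method name suggests a letters-only check while the commit title and the docs promise alphanumerical; `is_alpha` is defined outside this page, so confirm it accepts digits. If it is built on something like `chars().all(char::is_alphabetic)`, an empty username passes and any Unicode letter is accepted, which permits look-alike account names; a stricter guard would be `if request.username.is_empty() || !request.username.chars().all(|c| c.is_ascii_alphanumeric()) {`. With the `is_sql_injection` check gone, the username lookup that follows (outside the hunk) must bind the value as a query parameter rather than format it into the SQL text. An upper length bound on the username is also worth enforcing at this point. The body of `register` continues past the hunk, so the lookup itself could not be checked here.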