author | lonkaars <l.leblansch@gmail.com> | 2021-03-09 11:16:45 +0100 |
---|---|---|
committer | lonkaars <l.leblansch@gmail.com> | 2021-03-09 11:16:45 +0100 |
commit | daa4c343e8ced8d7c62e94b22d4192661e75ebe4 (patch) | |
tree | f161958bcb6caa716651cf40da2cbdc968318be6 | |
parent | f74ce7c288822fff5e40939d05b9371cef216e0b (diff) |
server-side register data validation
-rw-r--r-- | api/auth/signup.py | 18 | ||||
-rw-r--r-- | pages/register.tsx | 4 |
2 files changed, 20 insertions, 2 deletions
diff --git a/api/auth/signup.py b/api/auth/signup.py
index a29bc59..648f1b5 100644
--- a/api/auth/signup.py
+++ b/api/auth/signup.py
@@ -4,6 +4,19 @@ from randid import new_uuid
 import auth.token as token
 import passwords
 import time
+import re
+
+def validate_username(username):
+ return len(username) in range(3, 35 + 1)
+
+def validate_email(email):
+ #TODO: use node_modules/email-validator/index.js
+ return len(email) > 1 and \
+ "@" in email
+
+def validate_password(password):
+ passwordRegex = r"^(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9]).{8,}$" # r"" = raw string
+ return re.match(passwordRegex, password)
 signup = Blueprint('signup', __name__)
@@ -20,6 +33,11 @@ def index():
 not password:
 return "", 400
+ if not validate_username(username) or \
+ not validate_email(email) or \
+ not validate_password(password):
+ return {"error": "form_data_invalid"}, 403
+
 if cursor.execute("select username from users where username = ?", [username]).fetchone():
 return {"error": "username_taken"}, 403
diff --git a/pages/register.tsx b/pages/register.tsx
index b9b8325..3616bb8 100644
--- a/pages/register.tsx
+++ b/pages/register.tsx
@@ -34,8 +34,8 @@ function submitRegister(event?: FormEvent<HTMLFormElement>) {
 */
 //TODO: alert -> react toast / material-ui snackbar
- if ( formData.username.length > 35 ) {
- alert("Je gebruikersnaam kan maximaal 35 tekens lang zijn!");
+ if ( formData.username.length < 3 || formData.username.length > 35 ) {
+ alert("Je gebruikersnaam moet tussen de 3 en 35 tekens lang zijn!");
 return;
 } |
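Review bot: `validate_username` checks only length, so names consisting of whitespace, control characters or look-alike Unicode are accepted, and none of the three validators confirms that its argument is a `str`. How the values are read is outside the hunk; if they come from a JSON body, a list would pass the `len()` test and a number would raise instead of being rejected cleanly. `validate_email` and `validate_password` also set no upper bound on length. Consider `return isinstance(username, str) and 3 <= len(username) <= 35 and username.isprintable() and username == username.strip()`, a maximum length on the other two, and `re.fullmatch` in place of `re.match`, since `$` also matches before a trailing newline.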
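Review bot: The new rejection in `index()` returns 403, while the missing-field branch directly above returns 400 for the same class of problem, a malformed request. 403 signals an authorization failure, which can mislead clients and any log or alert rule keyed on status codes; `return {"error": "form_data_invalid"}, 400` (or 422) would be consistent with the branch above. The `username_taken` branch below also uses 403, so this may be the project's convention, in which case a short comment saying so would help. `index()` starts and ends outside the hunk.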
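Review bot: The bounds 3 and 35 are now hard-coded both in this check and in `validate_username` in api/auth/signup.py, so the two can drift apart without anyone noticing. The server check is the one that enforces the rule; whether this form handles the new `form_data_invalid` response is not visible in the hunk, and `submitRegister` continues outside it. A comment such as `// keep in sync with validate_username in api/auth/signup.py` would make the coupling explicit.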