From daa4c343e8ced8d7c62e94b22d4192661e75ebe4 Mon Sep 17 00:00:00 2001
From: lonkaars
Date: Tue, 9 Mar 2021 11:16:45 +0100
Subject: server-side register data validation
---
 api/auth/signup.py | 18 ++++++++++++++++++
 pages/register.tsx | 4 ++--
 2 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/api/auth/signup.py b/api/auth/signup.py
index a29bc59..648f1b5 100644
--- a/api/auth/signup.py
+++ b/api/auth/signup.py
@@ -4,6 +4,19 @@ from randid import new_uuid
 import auth.token as token
 import passwords
 import time
+import re
+
+def validate_username(username):
+ return len(username) in range(3, 35 + 1)
+
+def validate_email(email):
+ #TODO: use node_modules/email-validator/index.js
+ return len(email) > 1 and \
+ "@" in email
+
+def validate_password(password):
+ passwordRegex = r"^(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9]).{8,}$" # r"" = raw string
+ return re.match(passwordRegex, password)
 signup = Blueprint('signup', __name__)
@@ -20,6 +33,11 @@ def index():
 not password:
 return "", 400
+ if not validate_username(username) or \
+ not validate_email(email) or \
+ not validate_password(password):
+ return {"error": "form_data_invalid"}, 403
+
 if cursor.execute("select username from users where username = ?", [username]).fetchone():
 return {"error": "username_taken"}, 403
diff --git a/pages/register.tsx b/pages/register.tsx
index b9b8325..3616bb8 100644
--- a/pages/register.tsx
+++ b/pages/register.tsx
@@ -34,8 +34,8 @@ function submitRegister(event?: FormEvent) {
 */
 //TODO: alert -> react toast / material-ui snackbar
- if ( formData.username.length > 35 ) {
- alert("Je gebruikersnaam kan maximaal 35 tekens lang zijn!");
+ if ( formData.username.length < 3 || formData.username.length > 35 ) {
+ alert("Je gebruikersnaam moet tussen de 3 en 35 tekens lang zijn!");
 return;
 }
--
cgit v1.2.3
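Review bot: In `api/auth/signup.py`, `validate_username`, `validate_email` and `validate_password` assume their argument is a string, and neither the email nor the password check has an upper length bound. How `index()` reads the fields is outside this hunk, but if they come from a JSON body, a three-item list passes `validate_username` and a number makes `len()` raise, which would surface as a 500 rather than `form_data_invalid`. I would write `return isinstance(username, str) and 3 <= len(username) <= 35`, add the same `isinstance` guard to the other two, and bound the password quantifier as `.{8,MAX_PASSWORD_LEN}` (placeholder; choose it to fit the hashing in `passwords`, which is not shown) so arbitrarily long input never reaches the hash or the database. The username rule is length-only, so whitespace, control characters and look-alike Unicode are accepted; an explicit allowed-character pattern would prevent names that impersonate existing users.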
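Review bot: The new validation branch in `index()` answers a malformed field with 403, while the missing-field branch directly above it returns 400; both are client input errors, so `return {"error": "form_data_invalid"}, 400` would keep them consistent. The single `form_data_invalid` code also does not say which field failed, and `pages/register.tsx` pre-checks only the username, so a rejected email or password gives the user nothing to act on. Including the failing field name in the response body would fix that. `index()` starts and ends outside this hunk.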
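Review bot: `formData.username.length` in `submitRegister` counts UTF-16 code units, whereas the server's `len(username)` counts code points, so the two 3–35 limits disagree for names containing characters outside the BMP such as most emoji. A name the server would accept can be rejected here, and a two-code-unit name the server rejects passes this check. Comparing `Array.from(formData.username).length` against the bounds makes the client agree with the server. I would also add a comment above the check, `// convenience only: api/auth/signup.py is the authoritative validation`, so the client rule is not mistaken for the enforcement point. `submitRegister` starts and ends outside this hunk.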