diff --git a/src/methods/account_new.rs b/src/methods/account_new.rs index 4f2ccdf..3125784 100644 --- a/src/methods/account_new.rs +++ b/src/methods/account_new.rs @@ -36,6 +36,11 @@ pub async fn post_new_account(mut req: Request) -> tide::Result { return Ok(json!({"result": "error", "error": "Invalid auth"}).into()); }; + if let Some(error) = is_valid_name(&user) { + + return Ok(json!({"result": "error", "error": error}).into()); + } + // easier to give each request its own connection let mut ldap = LdapConn::new(&config.ldap_host)?; @@ -76,6 +81,34 @@ async fn db_pending_clear_expired(pool: &Pool) -> Result Option { + // max length is 31 chars + if name.len() >= 32 { + return Some(String::from("Too long, max len 31")); + } + + for (index, letter) in name.chars().enumerate() { + // no uppercase characters allowed + if letter.is_ascii_uppercase() { + return Some(String::from("Has uppercase")); + } + + if index == 0 { + // first character ahs to be either a letter or underscore + if !(letter.is_ascii_alphabetic() || letter == '_') { + return Some(String::from("Does not start with letter or _")); + } + } else { + // after first character options are more relaxed + if !(letter.is_ascii_alphabetic() || letter.is_ascii_digit() || letter == '_' || letter == '-') { + return Some(String::from("Contains character that is not letter, number, _ or -")); + } + } + } + + None +} + async fn db_get_user(pool: &Pool, auth: &str) -> Option { if let Ok(res) = sqlx::query_as::<_, AccountsNew>( r#"