| author | Conrad Ludgate <conradludgate@gmail.com> | 2023-05-16 22:03:53 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-05-16 22:03:53 +0100 |
| commit | 7d5a82df14160242cdd01a0f1651dab18b41a973 (patch) | |
| tree | 85983f2f3efd289e413ab2be8338a4e17d52287f /atuin-server | |
| parent | feat: add delete account option (attempt 2) (#980) (diff) | |
validate usernames on registration (#982)
improve login password incorrect error message
update docs for registration with passwords
Diffstat (limited to 'atuin-server')
| -rw-r--r-- | atuin-server/src/handlers/user.rs | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/atuin-server/src/handlers/user.rs b/atuin-server/src/handlers/user.rs
index ec2131e1..e67828e4 100644
--- a/atuin-server/src/handlers/user.rs
+++ b/atuin-server/src/handlers/user.rs
@@ -92,6 +92,18 @@ pub async fn register<DB: Database>(
         );
     }
+    for c in register.username.chars() {
+        match c {
+            'a'..='z' | 'A'..='Z' | '0'..='9' | '-' => {}
+            _ => {
+                return Err(ErrorResponse::reply(
+                    "Only alphanumeric and hyphens (-) are allowed in usernames",
+                )
+                .with_status(StatusCode::BAD_REQUEST))
+            }
+        }
+    }
+
     let hashed = hash_secret(®ister.password);
     let new_user = NewUser {
@@ -190,7 +202,9 @@ pub async fn login<DB: Database>(
     let verified = verify_str(user.password.as_str(), login.password.borrow());
     if !verified {
-        return Err(ErrorResponse::reply("user not found").with_status(StatusCode::NOT_FOUND));
+        return Err(
+            ErrorResponse::reply("password is not correct").with_status(StatusCode::UNAUTHORIZED)
+        );
     }
     Ok(Json(LoginResponse { |
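Review bot: An empty username passes the new character loop in `register`, because iterating over zero chars never reaches the rejecting arm, so unless a check above the hunk already rejects it an account can be created with `""` as its name. A guard before the loop closes that gap: `if register.username.is_empty() { return Err(ErrorResponse::reply("username must not be empty").with_status(StatusCode::BAD_REQUEST)); }`. The loop itself reads more directly as `register.username.chars().all(|c| c.is_ascii_alphanumeric() || c == '-')`, which matches the same character set. No upper bound on username length is enforced here either; if the database column or an earlier check does not bound it, a cap belongs next to this validation. The body of `register` starts above the hunk and continues below it.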
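Review bot: The new `login` response distinguishes a wrong password (401, "password is not correct") from an unknown user, which presumably still answers "user not found" with 404 on the lookup path above this hunk; that difference lets a caller confirm which usernames are registered, so the two failure paths should return the same status and message, for example `return Err(ErrorResponse::reply("invalid username or password").with_status(StatusCode::UNAUTHORIZED));` in both places. The 401 status is the right change; only the message should stop revealing whether the account exists. The user-lookup branch and the rest of `login` are outside the hunk, so this is inferred from the removed line's wording.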
