summary refs log tree commit diff stats
path: root/auth
diff options
context:
space:
mode:
authorAndinus <andinus@nand.sh>2020-03-27 21:21:03 +0530
committerAndinus <andinus@nand.sh>2020-03-27 21:21:03 +0530
commit248dff015bf5f6ce2598678c0dac892f9f80e400 (patch)
tree5d052cb58d205b38a2b77c0efb601705924561bb /auth
parent3dee7955670274b92ad8b3931e6c36995f1ee418 (diff)
downloadperseus-248dff015bf5f6ce2598678c0dac892f9f80e400.tar.gz
Enforce registration rules
Diffstat (limited to 'auth')
-rw-r--r--auth/register.go21
1 files changed, 17 insertions, 4 deletions
diff --git a/auth/register.go b/auth/register.go
index 69e05ad..f946072 100644
--- a/auth/register.go
+++ b/auth/register.go
@@ -1,7 +1,9 @@
 package auth
 
 import (
+	"errors"
 	"log"
+	"regexp"
 	"strings"
 
 	"tildegit.org/andinus/perseus/storage/sqlite3"
@@ -10,13 +12,24 @@ import (
 
 // Register takes in registration details and returns an error. If
 // error doesn't equal nil then the registration was unsuccessful.
-// regInfo should have username & password.
-func Register(db *sqlite3.DB, regInfo map[string]string) error {
+// uInfo should have username & password.
+func Register(db *sqlite3.DB, uInfo map[string]string) error {
 	u := user.User{}
 	u.SetID(genID(64))
-	u.SetUsername(strings.ToLower(regInfo["username"]))
+	u.SetUsername(strings.ToLower(uInfo["username"]))
 
-	pass, err := hashPass(regInfo["password"])
+	// Validate username
+	re := regexp.MustCompile("^[a-z0-9]*$")
+	if !re.MatchString(u.Username()) {
+		return errors.New("auth/register.go: invalid username")
+	}
+
+	// Validate password
+	if len(uInfo["password"]) < 8 {
+		return errors.New("auth/register.go: password too short")
+	}
+
+	pass, err := hashPass(uInfo["password"])
 	if err != nil {
 		log.Printf("auth/register.go: %s\n",
 			"hashPass func failed")