|
|
@@ -6,6 +6,7 @@ package validator // import "miniflux.app/v2/internal/validator"
|
|
|
import (
|
|
|
"slices"
|
|
|
"strings"
|
|
|
+ "unicode"
|
|
|
|
|
|
"miniflux.app/v2/internal/locale"
|
|
|
"miniflux.app/v2/internal/model"
|
|
|
@@ -22,6 +23,10 @@ func ValidateUserCreationWithPassword(store *storage.Storage, request *model.Use
|
|
|
return locale.NewLocalizedError("error.user_already_exists")
|
|
|
}
|
|
|
|
|
|
+ if err := validateUsername(request.Username); err != nil {
|
|
|
+ return err
|
|
|
+ }
|
|
|
+
|
|
|
if err := validatePassword(request.Password); err != nil {
|
|
|
return err
|
|
|
}
|
|
|
@@ -146,6 +151,23 @@ func validatePassword(password string) *locale.LocalizedError {
|
|
|
return nil
|
|
|
}
|
|
|
|
|
|
+// validateUsername return an error if the `username` argument contains
|
|
|
+// a character that isn't alphanumerical nor `_` and `-`.
|
|
|
+func validateUsername(username string) *locale.LocalizedError {
|
|
|
+ if strings.ContainsFunc(username, func(r rune) bool {
|
|
|
+ if unicode.IsLetter(r) || unicode.IsNumber(r) {
|
|
|
+ return false
|
|
|
+ }
|
|
|
+ if r == '_' || r == '-' || r == '@' || r == '.' {
|
|
|
+ return false
|
|
|
+ }
|
|
|
+ return true
|
|
|
+ }) {
|
|
|
+ return locale.NewLocalizedError("error.invalid_username")
|
|
|
+ }
|
|
|
+ return nil
|
|
|
+}
|
|
|
+
|
|
|
func validateTheme(theme string) *locale.LocalizedError {
|
|
|
themes := model.Themes()
|
|
|
if _, found := themes[theme]; !found {
|
Julien Voisin