Restrict login names.

There's no good reason to use an empty string as your login name, or to use one so long as to annoy others. Names beginning or ending with whitespace, or containing runs of whitespace, are also a technical problem, so they're also prohibited.

This change does not implement [UTS #39], as I haven't yet fully understood how to do so.

[UTS #39]: https://www.unicode.org/reports/tr39/

3 files changed, 35 insertions, 1 deletions

diff --git a/src/setup/app.rs b/src/setup/app.rs
index 030b5f6..cab7c4b 100644
--- a/src/setup/app.rs
+++ b/src/setup/app.rs
@@ -4,7 +4,7 @@ use super::repo::Provider as _;
 use crate::{
     clock::DateTime,
     event::{repo::Provider as _, Broadcaster, Event},
-    login::{repo::Provider as _, Login, Password},
+    login::{repo::Provider as _, validate, Login, Password},
     name::Name,
     token::{repo::Provider as _, Secret},
 };
@@ -25,6 +25,10 @@ impl<'a> Setup<'a> {
         password: &Password,
         created_at: &DateTime,
     ) -> Result<(Login, Secret), Error> {
+        if !validate::name(name) {
+            return Err(Error::InvalidName(name.clone()));
+        }
+
         let password_hash = password.hash()?;
 
         let mut tx = self.db.begin().await?;
@@ -56,6 +60,8 @@ impl<'a> Setup<'a> {
 pub enum Error {
     #[error("initial setup previously completed")]
     SetupCompleted,
+    #[error("invalid login name: {0}")]
+    InvalidName(Name),
     #[error(transparent)]
     Database(#[from] sqlx::Error),
     #[error(transparent)]
diff --git a/src/setup/routes/post.rs b/src/setup/routes/post.rs
index f7b256e..2a46b04 100644
--- a/src/setup/routes/post.rs
+++ b/src/setup/routes/post.rs
@@ -42,6 +42,9 @@ impl IntoResponse for Error {
     fn into_response(self) -> Response {
         let Self(error) = self;
         match error {
+            app::Error::InvalidName(_) => {
+                (StatusCode::BAD_REQUEST, error.to_string()).into_response()
+            }
             app::Error::SetupCompleted => (StatusCode::CONFLICT, error.to_string()).into_response(),
             other => Internal::from(other).into_response(),
         }
diff --git a/src/setup/routes/test.rs b/src/setup/routes/test.rs
index f7562ae..5794b78 100644
--- a/src/setup/routes/test.rs
+++ b/src/setup/routes/test.rs
@@ -67,3 +67,28 @@ async fn login_exists() {
 
     assert!(matches!(error, app::Error::SetupCompleted));
 }
+
+#[tokio::test]
+async fn invalid_name() {
+    // Set up the environment
+
+    let app = fixtures::scratch_app().await;
+
+    // Call the endpoint
+
+    let name = fixtures::login::propose_invalid_name();
+    let password = fixtures::login::propose_password();
+    let identity = fixtures::cookie::not_logged_in();
+    let request = post::Request {
+        name: name.clone(),
+        password: password.clone(),
+    };
+    let post::Error(error) =
+        post::handler(State(app.clone()), fixtures::now(), identity, Json(request))
+            .await
+            .expect_err("setup with an invalid name fails");
+
+    // Verify the response
+
+    assert!(matches!(error, app::Error::InvalidName(error_name) if name == error_name));
+}