From da485e523913df28def6335be0836b1fc437617f Mon Sep 17 00:00:00 2001 From: Owen Jacobson Date: Tue, 29 Oct 2024 19:32:30 -0400 Subject: Restrict login names. There's no good reason to use an empty string as your login name, or to use one so long as to annoy others. Names beginning or ending with whitespace, or containing runs of whitespace, are also a technical problem, so they're also prohibited. This change does not implement [UTS #39], as I haven't yet fully understood how to do so. [UTS #39]: https://www.unicode.org/reports/tr39/ --- docs/api/invitations.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'docs/api/invitations.md') diff --git a/docs/api/invitations.md b/docs/api/invitations.md index ddbef8a..83e5145 100644 --- a/docs/api/invitations.md +++ b/docs/api/invitations.md @@ -130,6 +130,15 @@ The request must have the following fields: | `name` | string | The new login's name. | | `password` | string | The new login's password, in plain text. | + +The proposed `name` must be valid. The precise definition of valid is still up in the air, but, at minimum: + +* It must be non-empty. +* It must not be "too long." (Currently, 64 characters is too long.) +* It must begin with an alphanumeric character. +* It must end with an alphanumeric character. +* It must not contain runs of multiple whitespace characters. + ### Success @@ -162,6 +171,10 @@ The cookie will expire if it is not used regularly. This endpoint will respond with a status of `404 Not Found` when the invitation ID either does not exist, or has already been accepted. +### Name not valid + +This endpoint will respond with a status of `400 Bad Request` if the proposed `name` is not valid. + ### Name in use This endpoint will respond with a status of `409 Conflict` if the requested login name has already been taken. -- cgit v1.2.3 From 15311c7bd816a83d0641de6b6bb3c41bb67079db Mon Sep 17 00:00:00 2001 
From: Owen Jacobson Date: Tue, 29 Oct 2024 20:41:58 -0400 Subject: fixup! Restrict login names. --- docs/api/initial-setup.md | 4 ++-- docs/api/invitations.md | 4 ++-- src/login/validate.rs | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) (limited to 'docs/api/invitations.md') diff --git a/docs/api/initial-setup.md b/docs/api/initial-setup.md index b6bf270..c2bdaec 100644 --- a/docs/api/initial-setup.md +++ b/docs/api/initial-setup.md @@ -57,8 +57,8 @@ The proposed `name` must be valid. The precise definition of valid is still up i * It must be non-empty. * It must not be "too long." (Currently, 64 characters is too long.) -* It must begin with an alphanumeric character. -* It must end with an alphanumeric character. +* It must begin with a printing character. +* It must end with a printing character. * It must not contain runs of multiple whitespace characters. ### Success diff --git a/docs/api/invitations.md b/docs/api/invitations.md index 83e5145..1839ef5 100644 --- a/docs/api/invitations.md +++ b/docs/api/invitations.md @@ -135,8 +135,8 @@ The proposed `name` must be valid. The precise definition of valid is still up i * It must be non-empty. * It must not be "too long." (Currently, 64 characters is too long.) -* It must begin with an alphanumeric character. -* It must end with an alphanumeric character. +* It must begin with a printing character. +* It must end with a printing character. * It must not contain runs of multiple whitespace characters. ### Success diff --git a/src/login/validate.rs b/src/login/validate.rs index ed3eff8..0c97293 100644 --- a/src/login/validate.rs +++ b/src/login/validate.rs 
@@ -11,8 +11,8 @@ pub fn name(name: &Name) -> bool {
 [
 display.graphemes(true).count() < NAME_TOO_LONG,
 display.chars().all(|ch| !ch.is_control()),
- display.chars().next().is_some_and(char::is_alphanumeric),
- display.chars().last().is_some_and(char::is_alphanumeric),
+ display.chars().next().is_some_and(|c| !c.is_whitespace()),
+ display.chars().last().is_some_and(|c| !c.is_whitespace()),
 display
 .chars()
 .zip(display.chars().skip(1))
-- 
cgit v1.2.3
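Review bot: The two new edge checks, `is_some_and(|c| !c.is_whitespace())`, accept more than the "printing character" that the docs updated in this same commit promise. `char::is_whitespace` follows the Unicode White_Space property and the `is_control` check above it covers only category Cc, so format characters such as U+200B ZERO WIDTH SPACE or U+202E RIGHT-TO-LEFT OVERRIDE pass at either end of a name, and as far as this hunk shows, inside it too. Two logins can then render identically or with reordered text, which is an impersonation risk until the UTS #39 work mentioned in the parent commit is done. A stop-gap entry in the array would be `display.chars().all(|c| !matches!(c, '\u{200B}' | '\u{200E}' | '\u{200F}' | '\u{202A}'..='\u{202E}' | '\u{2066}'..='\u{2069}' | '\u{FEFF}')),`, which leaves ZWJ/ZWNJ alone because emoji sequences and some scripts need them. The body of `name` starts and ends outside this hunk, so a check elsewhere in it cannot be ruled out.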