From da485e523913df28def6335be0836b1fc437617f Mon Sep 17 00:00:00 2001
From: Owen Jacobson <owen@grimoire.ca>
Date: Tue, 29 Oct 2024 19:32:30 -0400
Subject: Restrict login names.

There's no good reason to use an empty string as your login name, or to use one so long as to annoy others. Names beginning or ending with whitespace, or containing runs of whitespace, are also a technical problem, so they're also prohibited.

This change does not implement [UTS #39], as I haven't yet fully understood how to do so.

[UTS #39]: https://www.unicode.org/reports/tr39/
---
 src/login/app.rs      | 12 ++++++++++--
 src/login/mod.rs      |  1 +
 src/login/validate.rs | 23 +++++++++++++++++++++++
 3 files changed, 34 insertions(+), 2 deletions(-)
 create mode 100644 src/login/validate.rs

(limited to 'src/login')

diff --git a/src/login/app.rs b/src/login/app.rs
index 2f5896f..c1bfe6e 100644
--- a/src/login/app.rs
+++ b/src/login/app.rs
@@ -3,7 +3,7 @@ use sqlx::sqlite::SqlitePool;
 use super::repo::Provider as _;
 
 #[cfg(test)]
-use super::{Login, Password};
+use super::{validate, Login, Password};
 #[cfg(test)]
 use crate::{
     clock::DateTime,
@@ -35,6 +35,10 @@ impl<'a> Logins<'a> {
         password: &Password,
         created_at: &DateTime,
     ) -> Result<Login, CreateError> {
+        if !validate::name(name) {
+            return Err(CreateError::InvalidName(name.clone()));
+        }
+
         let password_hash = password.hash()?;
 
         let mut tx = self.db.begin().await?;
@@ -57,9 +61,13 @@ impl<'a> Logins<'a> {
     }
 }
 
+#[cfg(test)]
 #[derive(Debug, thiserror::Error)]
-#[error(transparent)]
 pub enum CreateError {
+    #[error("invalid login name: {0}")]
+    InvalidName(Name),
+    #[error(transparent)]
     Database(#[from] sqlx::Error),
+    #[error(transparent)]
     PasswordHash(#[from] password_hash::Error),
 }
diff --git a/src/login/mod.rs b/src/login/mod.rs
index 279e9a6..6d10e17 100644
--- a/src/login/mod.rs
+++ b/src/login/mod.rs
@@ -6,6 +6,7 @@ pub mod password;
 pub mod repo;
 mod routes;
 mod snapshot;
+pub mod validate;
 
 pub use self::{
     event::Event, history::History, id::Id, password::Password, routes::router, snapshot::Login,
diff --git a/src/login/validate.rs b/src/login/validate.rs
new file mode 100644
index 0000000..ed3eff8
--- /dev/null
+++ b/src/login/validate.rs
@@ -0,0 +1,23 @@
+use unicode_segmentation::UnicodeSegmentation as _;
+
+use crate::name::Name;
+
+// Picked out of a hat. The power of two is not meaningful.
+const NAME_TOO_LONG: usize = 64;
+
+pub fn name(name: &Name) -> bool {
+    let display = name.display();
+
+    [
+        display.graphemes(true).count() < NAME_TOO_LONG,
+        display.chars().all(|ch| !ch.is_control()),
+        display.chars().next().is_some_and(char::is_alphanumeric),
+        display.chars().last().is_some_and(char::is_alphanumeric),
+        display
+            .chars()
+            .zip(display.chars().skip(1))
+            .all(|(a, b)| !(a.is_whitespace() && b.is_whitespace())),
+    ]
+    .into_iter()
+    .all(|value| value)
+}
-- 
cgit v1.2.3