From 1d84dc334eb200d82a5550330b955659d30d2eb3 Mon Sep 17 00:00:00 2001
From: Christoffer Lehre
Date: Sun, 20 Oct 2024 20:14:28 +0200
Subject: [PATCH 1/2] fix: remove [+@.] from allowed usernames on registration

---
 web/src/p2k16/core/account_management.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/web/src/p2k16/core/account_management.py b/web/src/p2k16/core/account_management.py
index 567558d..4af3445 100644
--- a/web/src/p2k16/core/account_management.py
+++ b/web/src/p2k16/core/account_management.py
@@ -185,8 +185,8 @@ def register_account(username: str, email: str, name: str, password: str, phone:
 if " " in username:
 raise P2k16UserException("Username cannot contain spaces")
 
- if not re.match(r"^[a-zA-Z0-9@._+-]+$", username):
- raise P2k16UserException("Username can only contain a-z, 0-9, @, ., _, + and -.")
+ if not re.match(r"^[A-z0-9_-]+$", username):
+ raise P2k16UserException("Username can only contain a-z, 0-9, _ and -.")
 
 account = Account(username, email, name, phone, password)
 db.session.add(account)

From 0b4f92e454a21a508165603265f483465f85d801 Mon Sep 17 00:00:00 2001
From: Christoffer Lehre
Date: Sun, 20 Oct 2024 20:48:23 +0200
Subject: [PATCH 2/2] fix: add email validation

---
 web/src/p2k16/core/account_management.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/web/src/p2k16/core/account_management.py b/web/src/p2k16/core/account_management.py
index 4af3445..27cfe09 100644
--- a/web/src/p2k16/core/account_management.py
+++ b/web/src/p2k16/core/account_management.py
@@ -187,7 +187,10 @@ def register_account(username: str, email: str, name: str, password: str, phone:
 
 if not re.match(r"^[A-z0-9_-]+$", username):
 raise P2k16UserException("Username can only contain a-z, 0-9, _ and -.")
-
+
+ if not re.match(r"^[\w\.\-]+@([\w-]+\.)+[\w-]{2,4}$", email):
+ raise P2k16UserException("Email is not valid!")
+
 account = Account(username, email, name, phone, password)
 db.session.add(account)
 return account
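Review bot: The new character class `[A-z0-9_-]` in the first patch's username check is wider than the error message says: the range `A-z` also covers the ASCII punctuation between `Z` and `a`, so `[`, `\`, `]`, `^` and the backtick still pass, and `$` under `re.match` accepts one trailing newline as well. Both undercut the tightened allow-list, because those characters can still reach whatever later consumes the username (templates, logs, external systems; none of that is visible here). I would write the check as `if not re.fullmatch(r"[a-zA-Z0-9_-]+", username):`. The same pattern appears as context in the second patch's hunk, and `register_account` starts above this hunk, so any earlier normalisation of `username` is not visible.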
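Review bot: The email check added in the second patch (`^[\w\.\-]+@([\w-]+\.)+[\w-]{2,4}$`) is anchored with `$` under `re.match`, so an address followed by a newline is accepted, which matters if the value is later placed in a mail header or a log line; `re.fullmatch` closes that. In a `str` pattern `\w` is Unicode-aware, so non-ASCII letters and digits pass unless `re.ASCII` is given, while the `{2,4}` bound rejects valid longer top-level domains and the local part rejects `+` addressing. A tighter and less surprising form would be `if not re.fullmatch(r"[\w.+-]+@([\w-]+\.)+[\w-]{2,}", email, re.ASCII):`. A regex can only check the shape of the address; proving ownership still needs a confirmation mail, which this hunk does not show.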