diff --git a/client/src/app/shared/forms/form-validators/user.ts b/client/src/app/shared/forms/form-validators/user.ts index 9d200649c..602576efa 100644 --- a/client/src/app/shared/forms/form-validators/user.ts +++ b/client/src/app/shared/forms/form-validators/user.ts @@ -1,11 +1,17 @@ import { Validators } from '@angular/forms' export const USER_USERNAME = { - VALIDATORS: [ Validators.required, Validators.minLength(3), Validators.maxLength(20) ], + VALIDATORS: [ + Validators.required, + Validators.minLength(3), + Validators.maxLength(20), + Validators.pattern(/^[a-z0-9._]+$/) + ], MESSAGES: { 'required': 'Username is required.', 'minlength': 'Username must be at least 3 characters long.', - 'maxlength': 'Username cannot be more than 20 characters long.' + 'maxlength': 'Username cannot be more than 20 characters long.', + 'pattern': 'Username should be only lowercase alphanumeric characters.' } } export const USER_EMAIL = { diff --git a/server/helpers/custom-validators/users.ts b/server/helpers/custom-validators/users.ts index f423d6317..b5b5642d6 100644 --- a/server/helpers/custom-validators/users.ts +++ b/server/helpers/custom-validators/users.ts @@ -18,7 +18,7 @@ function isUserVideoQuotaValid (value: string) { function isUserUsernameValid (value: string) { const max = USERS_CONSTRAINTS_FIELDS.USERNAME.max const min = USERS_CONSTRAINTS_FIELDS.USERNAME.min - return exists(value) && validator.matches(value, new RegExp(`^[a-zA-Z0-9._]{${min},${max}}$`)) + return exists(value) && validator.matches(value, new RegExp(`^[a-z0-9._]{${min},${max}}$`)) } function isUserDisplayNSFWValid (value: any) { diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts index 0b463acc0..6b845f62b 100644 --- a/server/middlewares/validators/users.ts +++ b/server/middlewares/validators/users.ts @@ -19,7 +19,7 @@ import { import { UserInstance, VideoInstance } from '../../models' const usersAddValidator = [ - body('username').custom(isUserUsernameValid).withMessage('Should have a valid username'), + body('username').custom(isUserUsernameValid).withMessage('Should have a valid username (lowercase alphanumeric characters)'), body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'), body('email').isEmail().withMessage('Should have a valid email'), body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'), @@ -196,7 +196,7 @@ function checkUserDoesNotAlreadyExist (username: string, email: string, res: exp .then(user => { if (user) { return res.status(409) - .send({ error: 'User already exists.' }) + .send({ error: 'User with this username of email already exists.' }) .end() } diff --git a/server/tests/api/check-params/users.ts b/server/tests/api/check-params/users.ts index 687999c09..578fece49 100644 --- a/server/tests/api/check-params/users.ts +++ b/server/tests/api/check-params/users.ts @@ -112,6 +112,18 @@ describe('Test users API validators', function () { await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) }) + it('Should fail with a not lowercase username', async function () { + const fields = { + username: 'Toto', + email: 'test@example.com', + password: 'my_super_password', + videoQuota: 42000000, + role: UserRole.USER + } + + await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) + }) + it('Should fail with an incorrect username', async function () { const fields = { username: 'my username',