From 7570f11299aaf0302daa7b52c972cdaa2ec1b91d Mon Sep 17 00:00:00 2001
From: kovba18 <kovacs.balazs.2@hallgato.ppke.hu>
Date: Tue, 14 May 2024 11:18:42 +0200
Subject: [PATCH] basic request validation

---
 .../main/java/hu/pazmany/controller/Controller.java | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/backend/src/main/java/hu/pazmany/controller/Controller.java b/backend/src/main/java/hu/pazmany/controller/Controller.java
index efcdbde..44b0085 100644
--- a/backend/src/main/java/hu/pazmany/controller/Controller.java
+++ b/backend/src/main/java/hu/pazmany/controller/Controller.java
@@ -18,6 +18,7 @@ import org.springframework.web.multipart.MultipartFile;
 import java.io.IOException;
 import java.util.List;
 import java.util.Optional;
+import java.util.regex.Pattern;
 
 @RestController
 @RequestMapping("/api")
@@ -144,7 +145,15 @@ public class Controller {
 }
 
 private boolean isValidRegisterRequest(UserDTO request) {
- return request != null && request.getUsername() != null && request.getPassword() != null;
+ String username_regex = "^\\w{5,20}$";
+ // username can contain numbers, upper and lowercase characters
+ String password_regex = "^(?=.*[A-Z])(?=.*\\d)[A-Za-z\\d]{8,20}$";
+
+ return (request != null
+ && request.getUsername() != null
+ && request.getPassword() != null
+ && Pattern.matches(username_regex, request.getUsername())
+ && Pattern.matches(password_regex, request.getPassword()));
 }
 
 private boolean isValidToken(String token) {
-- 
GitLab
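Review bot: `password_regex` in `isValidRegisterRequest` accepts only `[A-Za-z\d]` and caps the length at 20, so any password containing punctuation, spaces or non-ASCII letters, and any long passphrase or password-manager output, is rejected; the rule shrinks the usable password space rather than strengthening it. A length-only check is the safer baseline, for example `&& request.getPassword().length() >= 8 && request.getPassword().length() <= 64`, with the upper bound chosen to fit the password hashing in use, which this hunk does not show. The comment `// username can contain numbers, upper and lowercase characters` sits above the password pattern and omits that `\w` also admits `_`; it belongs above `username_regex` with the underscore mentioned. `Pattern.matches` recompiles both expressions on every call, so hoisting them into `private static final Pattern` fields (named in the usual `UPPER_SNAKE_CASE`) would be the idiomatic form.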