From 7570f11299aaf0302daa7b52c972cdaa2ec1b91d Mon Sep 17 00:00:00 2001
From: kovba18 <kovacs.balazs.2@hallgato.ppke.hu>
Date: Tue, 14 May 2024 11:18:42 +0200
Subject: [PATCH] basic request validation

---
 .../main/java/hu/pazmany/controller/Controller.java   | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/backend/src/main/java/hu/pazmany/controller/Controller.java b/backend/src/main/java/hu/pazmany/controller/Controller.java
index efcdbde..44b0085 100644
--- a/backend/src/main/java/hu/pazmany/controller/Controller.java
+++ b/backend/src/main/java/hu/pazmany/controller/Controller.java
@@ -18,6 +18,7 @@ import org.springframework.web.multipart.MultipartFile;
 import java.io.IOException;
 import java.util.List;
 import java.util.Optional;
+import java.util.regex.Pattern;
 
 @RestController
 @RequestMapping("/api")
@@ -144,7 +145,15 @@ public class Controller {
     }
 
 	private boolean isValidRegisterRequest(UserDTO request) {
-		return request != null && request.getUsername() != null && request.getPassword() != null;
+		String username_regex = "^\\w{5,20}$";
+		// username can contain numbers, upper and lowercase characters
+		String password_regex = "^(?=.*[A-Z])(?=.*\\d)[A-Za-z\\d]{8,20}$";
+
+		return (request != null
+				&& request.getUsername() != null
+				&& request.getPassword() != null
+				&& Pattern.matches(username_regex, request.getUsername())
+				&& Pattern.matches(password_regex, request.getPassword()));
 	}
 
 	private boolean isValidToken(String token) {
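Review bot: `password_regex` accepts only 8-20 characters from `[A-Za-z\d]`, so any password that contains a symbol, a space or a non-ASCII letter, or that is longer than 20 characters, is rejected; this shrinks the password space and turns away passphrases and password-manager output. A length-only rule is the usual recommendation (NIST SP 800-63B): replace the password `Pattern.matches` term with `&& request.getPassword().length() >= 8 && request.getPassword().length() <= 64`, kept after the null checks, with the upper bound chosen to fit whatever hashing the registration path uses, which is not visible in this hunk. The comment sits above `password_regex` but describes the username, and it omits that `\w` also accepts `_`; `// username: 5-20 characters from [A-Za-z0-9_]` placed above `username_regex` would match the code. Both patterns are recompiled on every call through `Pattern.matches`, so `private static final Pattern` fields would be the cleaner form.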
-- 
GitLab