Check illegal username

2025-11-04 07:47:10 +01:00 · 2017-04-08 14:53:58 -07:00
parent 9801aafb58
commit 0509b44078
2 changed files with 25 additions and 14 deletions
--- a/titanembeds/blueprints/api/api.py
+++ b/titanembeds/blueprints/api/api.py
@@ -274,8 +274,11 @@ def create_unauthenticated_user():
    username = request.form['username']
    guild_id = request.form['guild_id']
    ip_address = get_client_ipaddr()
+    username = username.strip()
    if len(username) < 2 or len(username) > 32:
        abort(406)
+    if not all(x.isalpha() or x.isspace() or "-" == x or "_" == x for x in username):
+        abort(406)
    if not check_guild_existance(guild_id):
        abort(404)
    if not guild_query_unauth_users_bool(guild_id):
--- a/titanembeds/static/js/embed.js
+++ b/titanembeds/static/js/embed.js
@@ -341,20 +341,28 @@ $("#discordlogin_btn").click(function() {
 });

 $("#custom_username_field").keyup(function(event){
-    if(event.keyCode == 13 && $(this).val().length >= 2 && $(this).val().length <= 32) {
-        lock_login_fields();
-        var usr = create_unauthenticated_user($(this).val());
-        usr.done(function(data) {
-            initialize_embed();
-        });
-        usr.fail(function(data) {
-            if (data.status == 429) {
-              Materialize.toast('Sorry! You are allowed to log in as a guest once every 15 minutes.', 10000);
-            } else if (data.status == 403) {
-                Materialize.toast('Authentication error! You have been banned.', 10000);
-            }
-            unlock_login_fields();
-        })
+    if (event.keyCode == 13) {
+        if (!(new RegExp(/^[a-z\d\-_\s]+$/i).test($(this).val()))) {
+            Materialize.toast('Illegal username provided! Only alphanumeric, spaces, dashes, and underscores allowed in usernames.', 10000);
+            return;
+        }
+        if($(this).val().length >= 2 && $(this).val().length <= 32) {
+            lock_login_fields();
+            var usr = create_unauthenticated_user($(this).val());
+            usr.done(function(data) {
+                initialize_embed();
+            });
+            usr.fail(function(data) {
+                if (data.status == 429) {
+                    Materialize.toast('Sorry! You are allowed to log in as a guest once every 15 minutes.', 10000);
+                } else if (data.status == 403) {
+                    Materialize.toast('Authentication error! You have been banned.', 10000);
+                } else if (data.status == 406) {
+                    Materialize.toast('Illegal username provided! Only alphanumeric, spaces, dashes, and underscores allowed in usernames.', 10000);
+                }
+                unlock_login_fields();
+            })
+        }
    }
 });