validate usernames on registration (#982)
improve login password incorrect error message; update docs for registration with passwords
parent
7b9dea72e3
commit
7d5a82df14
3 changed files with 24 additions and 4 deletions
|
@ -100,7 +100,7 @@ Read more below for offline-only usage, or for hosting your own server.
|
||||||
```
|
```
|
||||||
bash <(curl https://raw.githubusercontent.com/ellie/atuin/main/install.sh)
|
bash <(curl https://raw.githubusercontent.com/ellie/atuin/main/install.sh)
|
||||||
|
|
||||||
atuin register -u <USERNAME> -e <EMAIL> -p <PASSWORD>
|
atuin register -u <USERNAME> -e <EMAIL>
|
||||||
atuin import auto
|
atuin import auto
|
||||||
atuin sync
|
atuin sync
|
||||||
```
|
```
|
||||||
|
|
|
@ -92,6 +92,18 @@ pub async fn register<DB: Database>(
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
for c in register.username.chars() {
|
||||||
|
match c {
|
||||||
|
'a'..='z' | 'A'..='Z' | '0'..='9' | '-' => {}
|
||||||
|
_ => {
|
||||||
|
return Err(ErrorResponse::reply(
|
||||||
|
"Only alphanumeric and hyphens (-) are allowed in usernames",
|
||||||
|
)
|
||||||
|
.with_status(StatusCode::BAD_REQUEST))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
let hashed = hash_secret(®ister.password);
|
let hashed = hash_secret(®ister.password);
|
||||||
|
|
||||||
let new_user = NewUser {
|
let new_user = NewUser {
|
||||||
|
@ -190,7 +202,9 @@ pub async fn login<DB: Database>(
|
||||||
let verified = verify_str(user.password.as_str(), login.password.borrow());
|
let verified = verify_str(user.password.as_str(), login.password.borrow());
|
||||||
|
|
||||||
if !verified {
|
if !verified {
|
||||||
return Err(ErrorResponse::reply("user not found").with_status(StatusCode::NOT_FOUND));
|
return Err(
|
||||||
|
ErrorResponse::reply("password is not correct").with_status(StatusCode::UNAUTHORIZED)
|
||||||
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
Ok(Json(LoginResponse {
|
Ok(Json(LoginResponse {
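Review bot: An empty username still passes the new character check in `register`, because the `for c in register.username.chars()` loop never runs its body on an empty string, and no length limit is applied either, unless a check outside the hunk covers both. I would fold the test into one guard such as `if register.username.is_empty() || !register.username.chars().all(|c| c.is_ascii_alphanumeric() || c == '-')` and return the same 400 reply from it. A short comment above the check, e.g. `// usernames are restricted to ASCII alphanumerics and '-'`, would record the intent. In the `login` hunk, the new 401 "password is not correct" reply is distinguishable from the unknown-user reply if that branch (outside the hunk) still answers 404, which lets a client tell existing usernames apart; worth confirming that is acceptable. Both function bodies start and end outside the hunks shown.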
|
||||||
|
|
|
@ -26,8 +26,11 @@ Register for a sync account with
|
||||||
atuin register -u <USERNAME> -e <EMAIL> -p <PASSWORD>
|
atuin register -u <USERNAME> -e <EMAIL> -p <PASSWORD>
|
||||||
```
|
```
|
||||||
|
|
||||||
Usernames must be unique, and emails shall only be used for important
|
If you don't want to have your password be included in shell history, you can omit
|
||||||
notifications (security breaches, changes to service, etc).
|
the password flag and you will be prompted to provide it through stdin.
|
||||||
|
|
||||||
|
Usernames must be unique and only contain alphanumerics or hyphens,
|
||||||
|
and emails shall only be used for important notifications (security breaches, changes to service, etc).
|
||||||
|
|
||||||
Upon success, you are also logged in :) Syncing should happen automatically from
|
Upon success, you are also logged in :) Syncing should happen automatically from
|
||||||
here!
|
here!
|
||||||
|
@ -62,6 +65,9 @@ If you want to log in to a new machine, you will require your encryption key
|
||||||
atuin login -u <USERNAME> -p <PASSWORD> -k <KEY>
|
atuin login -u <USERNAME> -p <PASSWORD> -k <KEY>
|
||||||
```
|
```
|
||||||
|
|
||||||
|
If you don't want to have your password be included in shell history, you can omit
|
||||||
|
the password flag and you will be prompted to provide it through stdin.
|
||||||
|
|
||||||
## Logout
|
## Logout
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|