validate usernames on registration (#982)

improve the error message returned for an incorrect login password

update docs for registration with passwords
Conrad Ludgate 2023-05-16 22:03:53 +01:00 committed by GitHub
parent 7b9dea72e3
commit 7d5a82df14
3 changed files with 24 additions and 4 deletions


@ -100,7 +100,7 @@ Read more below for offline-only usage, or for hosting your own server.
```
bash <(curl https://raw.githubusercontent.com/ellie/atuin/main/install.sh)
atuin register -u <USERNAME> -e <EMAIL> -p <PASSWORD>
atuin register -u <USERNAME> -e <EMAIL>
atuin import auto
atuin sync
```


@ -92,6 +92,18 @@ pub async fn register<DB: Database>(
);
}
for c in register.username.chars() {
match c {
'a'..='z' | 'A'..='Z' | '0'..='9' | '-' => {}
_ => {
return Err(ErrorResponse::reply(
"Only alphanumeric and hyphens (-) are allowed in usernames",
)
.with_status(StatusCode::BAD_REQUEST))
}
}
}
let hashed = hash_secret(&register.password);
let new_user = NewUser {
@ -190,7 +202,9 @@ pub async fn login<DB: Database>(
let verified = verify_str(user.password.as_str(), login.password.borrow());
if !verified {
return Err(ErrorResponse::reply("user not found").with_status(StatusCode::NOT_FOUND));
return Err(
ErrorResponse::reply("password is not correct").with_status(StatusCode::UNAUTHORIZED)
);
}
Ok(Json(LoginResponse {
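Review bot: The new `"password is not correct"` / `UNAUTHORIZED` reply on the failed-verification branch now differs from the `"user not found"` reply that the user lookup presumably still returns when the username does not exist (that branch is outside the hunk), so the login endpoint distinguishes registered usernames from unregistered ones. If that distinction is not intended, both failure paths should return the same status and message, e.g. `ErrorResponse::reply("incorrect username or password").with_status(StatusCode::UNAUTHORIZED)`, and the more specific reason can go to the server log instead of the client. The `login` function starts and ends outside the hunk, so the lookup branch should be checked alongside this change.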


@ -26,8 +26,11 @@ Register for a sync account with
atuin register -u <USERNAME> -e <EMAIL> -p <PASSWORD>
```
Usernames must be unique, and emails shall only be used for important
notifications (security breaches, changes to service, etc).
If you don't want to have your password be included in shell history, you can omit
the password flag and you will be prompted to provide it through stdin.
Usernames must be unique and only contain alphanumerics or hyphens,
and emails shall only be used for important notifications (security breaches, changes to service, etc).
Upon success, you are also logged in :) Syncing should happen automatically from
here!
@ -62,6 +65,9 @@ If you want to log in to a new machine, you will require your encryption key
atuin login -u <USERNAME> -p <PASSWORD> -k <KEY>
```
If you don't want to have your password be included in shell history, you can omit
the password flag and you will be prompted to provide it through stdin.
## Logout
```