better validation for password and username (!165) · Merge requests · e / infra / ecloud / nextcloud-apps / Ecloud Accounts

Alexandre Roux requested to merge dev/update-username-password-regex into main Sep 27, 2024

This is a proposed change to fix https://gitlab.e.foundation/e/infra/backlog/-/issues/3408

I couldn't test it because the account creation flow doesn't seem to work on staging or dev

I've reproduced what was already there but I wondering if we could do a better check at least for username, as the check is done only on validateInput, which means a user could forge a post request with curl to force it. I guess it would be better to make the check in two places

better validation for password and username

Merge request reports