From 2c32610b08940edceeee352f68bd68638ca93adb Mon Sep 17 00:00:00 2001
From: cuqmbr
Date: Mon, 1 Aug 2022 20:20:09 +0300
Subject: [PATCH] feat: add username & password validation on registration

---
 Server/Program.cs | 1 -
 Server/Services/AuthenticationService.cs | 68 ++++++++++++++++++++++++
 2 files changed, 68 insertions(+), 1 deletion(-)

diff --git a/Server/Program.cs b/Server/Program.cs
index c64a7d7..a57b3f7 100644
--- a/Server/Program.cs
+++ b/Server/Program.cs
@@ -4,7 +4,6 @@ using Microsoft.EntityFrameworkCore;
 using Microsoft.IdentityModel.Tokens;
 using Microsoft.OpenApi.Models;
 using Newtonsoft.Json;
-using Newtonsoft.Json.Serialization;
 using Server.Data;
 using Server.Models;
 using Server.Services;
diff --git a/Server/Services/AuthenticationService.cs b/Server/Services/AuthenticationService.cs
index 5f4b5ed..8852512 100644
--- a/Server/Services/AuthenticationService.cs
+++ b/Server/Services/AuthenticationService.cs
@@ -2,6 +2,7 @@ using System.IdentityModel.Tokens.Jwt;
 using System.Security.Claims;
 using System.Security.Cryptography;
 using System.Text;
+using System.Text.RegularExpressions;
 using DatabaseModels.InitialObjects;
 using DatabaseModels.Requests;
 using Microsoft.EntityFrameworkCore;
@@ -24,11 +25,21 @@ public class AuthenticationService
 public async Task<(bool success, string content)> Register(AuthenticationRequest request)
 {
+ if (!IsValidUsername(request.Username, out string usrErr))
+ {
+ return (false, usrErr);
+ }
+
 if (await _dbContext.Users.AnyAsync(u => u.Username == request.Username))
 {
 return (false, "Username is taken.");
 }
+
+ if (!IsValidPassword(request.Password, out string pwdErr))
+ {
+ return (false, pwdErr);
+ }
+
 var user = new User
 {
 Username = request.Username,
 PasswordHash = request.Password,
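Review bot: `IsValidPassword` is only consulted after the `AnyAsync` round-trip to the database, so a request that fails the cheap local password check still costs a query; move the `if (!IsValidPassword(request.Password, out string pwdErr))` block above the `AnyAsync` check so the whole request is validated before the database is touched. `IsValidUsername(request.Username, …)` is called with no null check on the incoming field, so if the helper dereferences a null username the caller gets an exception instead of a validation message; guard that either here or in the helper. The body of `Register` continues past the end of the hunk.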
@@ -109,4 +120,61 @@ public class AuthenticationService
 var bytes = hashGenerator.GetBytes(24);
 return Convert.ToBase64String(bytes);
 }
+
+ private bool IsValidUsername(string username, out string validationError)
+ {
+ if (username.Contains(" "))
+ {
+ validationError = "Username must be a one word.";
+ return false;
+ }
+
+ if (username.Length < 3)
+ {
+ validationError = "Username must be minimum 3 characters long.";
+ return false;
+ }
+
+ if (username.Length > 16)
+ {
+ validationError = "Username must be maximum 16 characters long.";
+ }
+
+ validationError = String.Empty;
+ return true;
+ }
+
+ private bool IsValidPassword(string password, out string validationError)
+ {
+ string defaultValidationError = "Invalid password.";
+
+ if (String.IsNullOrEmpty(password) || String.IsNullOrWhiteSpace(password))
+ {
+ validationError = defaultValidationError;
+ return false;
+ }
+
+ if (password.Length < 8)
+ {
+ validationError = "Password must be minimum 8 characters long.";
+ return false;
+ }
+
+ if (password.Length > 32)
+ {
+ validationError = "Password must be maximum 32 characters long.";
+ return false;
+ }
+
+ var regEx = new Regex("^(?=.*[a-z])(?=.*[A-Z]).{8,}$");
+
+ if (!regEx.IsMatch(password))
+ {
+ validationError = "Password must contain at least 1 upper, 1 lower case letters and 1 number.";
+ return false;
+ }
+
+ validationError = String.Empty;
+ return true;
+ }
 }
\ No newline at end of file
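Review bot: The over-length branch of `IsValidUsername` assigns `validationError` but never returns, so the message is immediately overwritten with `String.Empty` and any username longer than 16 characters is accepted; add `return false;` after `validationError = "Username must be maximum 16 characters long.";`. In `IsValidPassword` the pattern `^(?=.*[a-z])(?=.*[A-Z]).{8,}$` has no digit lookahead while the error message promises "1 number", so either add `(?=.*\d)` or drop that claim from the message. `IsValidUsername` also dereferences `username` with no null guard (a null field in the request would surface as an exception rather than a validation result), and `String.IsNullOrEmpty(password) || String.IsNullOrWhiteSpace(password)` reduces to the second test alone. Constructing a new `Regex` on every call can be replaced by a `static readonly` field; the rewritten parts are below.
```csharp
// Built once; the digit lookahead matches the message the caller receives.
private static readonly Regex PasswordPolicy = new Regex(@"^(?=.*[a-z])(?=.*[A-Z])(?=.*\d).{8,}$");

private bool IsValidUsername(string username, out string validationError)
{
    if (string.IsNullOrWhiteSpace(username) || username.Contains(" "))
    {
        validationError = "Username must be a one word.";
        return false;
    }

    // … unchanged: minimum-length check …

    if (username.Length > 16)
    {
        validationError = "Username must be maximum 16 characters long.";
        return false;
    }

    validationError = String.Empty;
    return true;
}

// … unchanged: IsValidPassword null/length checks; replace the per-call `new Regex(...)` and `regEx.IsMatch(password)` with `PasswordPolicy.IsMatch(password)` …
```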