Merge pull request #112 from deploymenttheory/dev

ShocOne · web-flow · commit 2bac5247f94a · 2024-03-28T12:39:11.000Z
Refactor username validation to include password safe special characters
diff --git a/httpclient/httpclient_auth_validation.go b/httpclient/httpclient_auth_validation.go
@@ -40,13 +40,15 @@ func IsValidClientSecret(clientSecret string) (bool, string) {
 	return true, ""
 }
 
-// IsValidUsername checks if the provided username meets your application's validation criteria.
+// IsValidUsername checks if the provided username meets password safe validation criteria.
 // Returns true if valid, along with an empty error message; otherwise, returns false with an error message.
 func IsValidUsername(username string) (bool, string) {
-	if regexp.MustCompile(`^[a-zA-Z0-9]+$`).MatchString(username) {
+	// Extended regex to include a common set of password safe special characters
+	usernameRegex := `^[a-zA-Z0-9!@#$%^&*()_\-\+=\[\]{\}\\|;:'",<.>/?]+$`
+	if regexp.MustCompile(usernameRegex).MatchString(username) {
 		return true, ""
 	}
-	return false, "Username must contain only alphanumeric characters."
+	return false, "Username must contain only alphanumeric characters and password safe special characters (!@#$%^&*()_-+=[{]}\\|;:'\",<.>/?)."
 }
 
 // IsValidPassword checks if the provided password meets your application's validation criteria.

Original file line number	Diff line number	Diff line change
`@@ -40,13 +40,15 @@ func IsValidClientSecret(clientSecret string) (bool, string) {`
`40`	`40`	`return true, ""`
`41`	`41`	`}`
`42`	`42`
`43`		`-// IsValidUsername checks if the provided username meets your application's validation criteria.`
	`43`	`+// IsValidUsername checks if the provided username meets password safe validation criteria.`
`44`	`44`	`// Returns true if valid, along with an empty error message; otherwise, returns false with an error message.`
`45`	`45`	`func IsValidUsername(username string) (bool, string) {`
`46`		- if regexp.MustCompile(`^[a-zA-Z0-9]+$`).MatchString(username) {
	`46`	`+ // Extended regex to include a common set of password safe special characters`
	`47`	+ usernameRegex := `^[a-zA-Z0-9!@#$%^&*()_\-\+=\[\]{\}\\\|;:'",<.>/?]+$`
	`48`	`+ if regexp.MustCompile(usernameRegex).MatchString(username) {`
`47`	`49`	`return true, ""`
`48`	`50`	`}`
`49`		`- return false, "Username must contain only alphanumeric characters."`
	`51`	`+ return false, "Username must contain only alphanumeric characters and password safe special characters (!@#$%^&*()_-+=[{]}\\\|;:'\",<.>/?)."`
`50`	`52`	`}`
`51`	`53`
`52`	`54`	`// IsValidPassword checks if the provided password meets your application's validation criteria.`