Reject usernames with a length > 36

ractf · Feb 13, 2022 · ffa24b0 · ffa24b0
1 parent f8717d0
commit ffa24b0
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 0 deletions.
diff --git a/src/authentication/basic_auth.py b/src/authentication/basic_auth.py
@@ -17,6 +17,8 @@ def validate(self, data):
 
         self.validate_email(data["email"])
         self.check_email_or_username_in_use(email=data["email"], username=data["username"])
+        if len(data["username"]) > 36:
+            raise ValidationError("username_too_long")
 
         return {key: data[key] for key in self.required_fields}
 

diff --git a/src/authentication/tests.py b/src/authentication/tests.py
@@ -235,6 +235,15 @@ def test_register_with_mail_failing_domain(self):
             config.set("email_domain", None)
             self.assertEqual(response.status_code, HTTP_400_BAD_REQUEST)
 
+    def test_register_long_username(self):
+        data = {
+            "username": "a" * 37,
+            "password": "uO7*$E@0ngqL",
+            "email": "user11@example.org",
+        }
+        response = self.client.post(reverse("register"), data)
+        self.assertEqual(response.status_code, HTTP_400_BAD_REQUEST)
+
 
 class EmailResendTestCase(APITestCase):
     def test_email_resend(self):