From 5e0ab5cc38c764f67874da614d42f4b5396bee3e Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Mon, 19 Sep 2022 01:22:53 +0200
Subject: [PATCH] new: [users] username validation added

- >5 && <50 in length required
- trim username to test to avoid whitespace names

- as reported by SK-CERT
---
 src/Model/Table/UsersTable.php | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/Model/Table/UsersTable.php b/src/Model/Table/UsersTable.php
index b4caebe..cc440a2 100644
--- a/src/Model/Table/UsersTable.php
+++ b/src/Model/Table/UsersTable.php
@@ -94,6 +94,16 @@ class UsersTable extends AppTable
                     'message' => __('Password confirmation missing or not matching the password.')
                 ]
             ])
+            ->add('username', [
+                'username_policy' => [
+                    'rule' => function($value, $context) {
+                        if (mb_strlen(trim($value)) < 5 || mb_strlen(trim($value)) > 50) {
+                            return __('Invalid username length. Make sure that you provide a username of at least 5 and up to 50 characters in length.');
+                        }
+                        return true;
+                    }
+                ]
+            ])
             ->requirePresence(['username'], 'create')
             ->notEmptyString('username', 'Please fill this field');
         return $validator;