From d202f4e00d546763cad635b5308ba732426f344b Mon Sep 17 00:00:00 2001
From: Cory McWilliams <cory@unprompted.com>
Date: Fri, 27 Dec 2024 11:39:38 -0500
Subject: [PATCH] auth: Provide some feedback about valid account names. #92

---
 src/httpd.js.c | 25 ++++++++++++++++---------
 1 file changed, 16 insertions(+), 9 deletions(-)

diff --git a/src/httpd.js.c b/src/httpd.js.c
index f04af51c..31e129e2 100644
--- a/src/httpd.js.c
+++ b/src/httpd.js.c
@@ -2080,19 +2080,26 @@ static void _httpd_endpoint_login_work(tf_ssb_t* ssb, void* user_data)
 			if (form_register && strcmp(form_register, "1") == 0)
 			{
 				bool registered = false;
-				if (!have_account && _is_name_valid(account_name) && password && confirm && strcmp(password, confirm) == 0)
+				if (!_is_name_valid(account_name))
 				{
-					sqlite3* db = tf_ssb_acquire_db_writer(ssb);
-					registered = tf_ssb_db_register_account(tf_ssb_get_loop(ssb), db, context, account_name, password);
-					tf_ssb_release_db_writer(ssb, db);
-					if (registered)
+					login_error = "Invalid username.  Usernames must contain only letters from the English alphabet and digits and must start with a letter.";
+				}
+				else
+				{
+					if (!have_account && _is_name_valid(account_name) && password && confirm && strcmp(password, confirm) == 0)
 					{
-						tf_free((void*)send_session);
-						send_session = _make_session_jwt(context, ssb, account_name);
-						may_become_first_admin = true;
+						sqlite3* db = tf_ssb_acquire_db_writer(ssb);
+						registered = tf_ssb_db_register_account(tf_ssb_get_loop(ssb), db, context, account_name, password);
+						tf_ssb_release_db_writer(ssb, db);
+						if (registered)
+						{
+							tf_free((void*)send_session);
+							send_session = _make_session_jwt(context, ssb, account_name);
+							may_become_first_admin = true;
+						}
 					}
 				}
-				if (!registered)
+				if (!registered && !login_error)
 				{
 					login_error = "Error registering account.";
 				}