Restrict OAUTH Username Length

JohnGrubba · Sep 3, 2024 · 1d596de · 1d596de
1 parent 314e6ce
commit 1d596de
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 0 deletions.
diff --git a/src/api/oauth_providers/github.py b/src/api/oauth_providers/github.py
@@ -110,6 +110,8 @@ async def oauth_callback(
             break
     username = rsp["login"]
     # Validate Username
+    if len(username) > 20:
+        username = username[:20]
     if len(username) < 4 or re.search("[^a-zA-Z0-9]", username) is not None:
         username = primary_email.split("@")[0]
 

diff --git a/src/api/oauth_providers/google.py b/src/api/oauth_providers/google.py
@@ -93,6 +93,8 @@ async def oauth_callback(
 
     username = jwt_decoded["name"].replace(" ", "")
     # Validate Username
+    if len(username) > 20:
+        username = username[:20]
     if len(username) < 4 or re.search("[^a-zA-Z0-9]", username) is not None:
         username = jwt_decoded["email"].split("@")[0]