From ccba485215a3a4b4dff052e79e873ec010271fa6 Mon Sep 17 00:00:00 2001
From: fdb-hiroshima <35889323+fdb-hiroshima@users.noreply.github.com>
Date: Tue, 25 Dec 2018 18:00:21 +0100
Subject: [PATCH] Trim email and username (#386)

Also forbid whitespaces in username
Fix #385
---
 src/routes/user.rs | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/routes/user.rs b/src/routes/user.rs
index 89d99e5..2abdaa6 100644
--- a/src/routes/user.rs
+++ b/src/routes/user.rs
@@ -300,7 +300,7 @@ pub fn passwords_match(form: &NewUserForm) -> Result<(), ValidationError> {
 }
 
 pub fn validate_username(username: &str) -> Result<(), ValidationError> {
-    if username.contains(&['<', '>', '&', '@', '\'', '"'][..]) {
+    if username.contains(&['<', '>', '&', '@', '\'', '"', ' ', '\n', '\t'][..]) {
         Err(ValidationError::new("username_illegal_char"))
     } else {
         Ok(())
@@ -316,6 +316,9 @@ pub fn create(conn: DbConn, form: LenientForm<NewUserForm>, intl: I18n) -> Resul
         return Ok(Redirect::to(uri!(new))); // Actually, it is an error
     }
 
+    let mut form = form.into_inner();
+    form.username = form.username.trim().to_owned();
+    form.email = form.email.trim().to_owned();
     form.validate()
         .map(|_| {
             NewUser::new_local(
@@ -333,7 +336,7 @@ pub fn create(conn: DbConn, form: LenientForm<NewUserForm>, intl: I18n) -> Resul
             render!(users::new(
                 &(&*conn, &intl.catalog, None),
                 Instance::get_local(&*conn).map(|i| i.open_registrations).unwrap_or(true),
-                &*form,
+                &form,
                 err
             ))
         })