verify the username, email and nickname are valid when registering via OAuth 2.0

2026-05-17 08:14:25 +08:00 · 2025-10-23 22:46:31 +08:00
parent b21fff5b15
commit d3ab2b94b7
24 changed files with 189 additions and 140 deletions
@@ -234,6 +234,18 @@ func (a *OAuth2AuthenticationApi) CallbackHandler(c *core.WebContext) (string, *
 				nickName = userName
 			}

+			if !utils.IsValidUsername(userName) {
+				return a.redirectToFailedCallbackPage(c, errs.ErrUserNameIsInvalid)
+			}
+
+			if !utils.IsValidEmail(email) {
+				return a.redirectToFailedCallbackPage(c, errs.ErrEmailIsInvalid)
+			}
+
+			if !utils.IsValidNickName(nickName) {
+				return a.redirectToFailedCallbackPage(c, errs.ErrNickNameIsInvalid)
+			}
+
 			if _, exists := locales.AllLanguages[oauth2UserInfo.LanguageCode]; exists {
 				languageCode = oauth2UserInfo.LanguageCode
 			}