From fa8e0dca4d573c7945d1b47b68aa873ffe7550da Mon Sep 17 00:00:00 2001 From: Daniel Supernault Date: Mon, 9 Dec 2019 00:48:03 -0700 Subject: [PATCH] Update RegisterController --- .../Controllers/Auth/RegisterController.php | 22 ++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/app/Http/Controllers/Auth/RegisterController.php b/app/Http/Controllers/Auth/RegisterController.php index 738171de..fd0b2fa8 100644 --- a/app/Http/Controllers/Auth/RegisterController.php +++ b/app/Http/Controllers/Auth/RegisterController.php @@ -62,10 +62,23 @@ class RegisterController extends Controller 'max:15', 'unique:users', function ($attribute, $value, $fail) { + $dash = substr_count($value, '-'); + $underscore = substr_count($value, '_'); + $period = substr_count($value, '.'); + + if(($dash + $underscore + $period) > 1) { + return $fail('Username is invalid. Can only contain one dash (-), period (.) or underscore (_).'); + } + if (!ctype_alpha($value[0])) { return $fail('Username is invalid. Must start with a letter or number.'); } - $val = str_replace(['_', '-', '.'], '', $value); + + if (!ctype_alnum($value[strlen($value) - 1])) { + return $fail('Username is invalid. Must end with a letter or number.'); + } + + $val = str_replace(['_', '.', '-'], '', $value); if(!ctype_alnum($val)) { return $fail('Username is invalid. Username must be alpha-numeric and may contain dashes (-), periods (.) and underscores (_).'); } @@ -77,7 +90,7 @@ class RegisterController extends Controller 'name' => 'nullable|string|max:'.config('pixelfed.max_name_length'), 'username' => $usernameRules, 'email' => 'required|string|email|max:255|unique:users', - 'password' => 'required|string|min:8|confirmed', + 'password' => 'required|string|min:12|confirmed', ]; return Validator::make($data, $rules); 
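Review bot: The closure in the first hunk calls `substr_count($value, '-')` and indexes `$value[0]` before anything visible confirms that `$value` is a string. A request that sends `username` as an array would reach these calls and raise a PHP warning or TypeError (depending on the PHP version) instead of a validation failure, unless a `string` rule with `bail` sits earlier in `$usernameRules` outside the hunk. A guard at the top of the closure, `if (!is_string($value)) { return $fail('Username is invalid.'); }`, keeps that input on the validation path. Separately, the unchanged start check uses `ctype_alpha` while its message says "letter or number", and the new end check uses `ctype_alnum`; one of the two should be aligned so the message matches the rule. The closure's closing lines are outside the hunk.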
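Review bot: The new 12-character minimum in the second hunk is a literal inside the rule string, while the `name` rule a few lines above reads its limit from `config('pixelfed.max_name_length')`. Reading the minimum from configuration the same way, for example `'required|string|min:'.config('<password-min-length key>').'|confirmed'` (placeholder key, not an existing setting), would let the password-change and password-reset validators share one value. Whether those validators still accept 8 characters is not visible here and is worth checking before release. The rule array starts outside the hunk.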
@@ -145,8 +158,11 @@ class RegisterController extends Controller */ public function register(Request $request) { + abort_if(config('pixelfed.open_registration') == false, 400); + $count = User::count(); $limit = config('pixelfed.max_users'); + if(false == config('pixelfed.open_registration') || $limit && $limit <= $count) { return abort(403); } @@ -158,6 +174,6 @@ class RegisterController extends Controller $this->guard()->login($user); return $this->registered($request, $user) - ?: redirect($this->redirectPath()); + ?: redirect($this->redirectPath()); } }
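Review bot: The added `abort_if(config('pixelfed.open_registration') == false, 400);` at the top of `register()` duplicates the `open_registration` test in the existing `if` a few lines below, so that branch of the later condition can no longer fire. Closed registration now answers 400 while the user-limit case answers 403. Keeping a single gate with one status is clearer: `abort_if(!config('pixelfed.open_registration'), 403);` followed by `if ($limit && $limit <= $count) { abort(403); }`. The user-limit test also reads `User::count()` before the account is created, so concurrent requests near the limit can each pass it; if the cap must be hard, it needs enforcing at creation time. The middle of `register()` lies between this hunk and the next.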