usernames must be alphanumeric; set html maxlength for username box to improve UX™

3 files changed, 5 insertions, 3 deletions

diff --git a/apioforum/auth.py b/apioforum/auth.py
index d5f2652..deacfc8 100644
--- a/apioforum/auth.py
+++ b/apioforum/auth.py
@@ -56,6 +56,8 @@ def register():
             err = f"User {username} is already registered."
         elif len(username) > 20:
             err = "username can't be longer than 20 characters"
+        elif not username.isalnum():
+            err = "username must be alphanumeric"
 
         if err is None:
             db.execute(
diff --git a/apioforum/templates/auth/register.html b/apioforum/templates/auth/register.html
index 7d079c2..5d27b90 100644
--- a/apioforum/templates/auth/register.html
+++ b/apioforum/templates/auth/register.html
@@ -7,7 +7,7 @@
 <p>create a new account here. if you already have an account, <a href="{{url_for('auth.login')}}">login</a> instead.</p>
 <form method="post">
     <label for="username">Username</label>
-    <input name="username" id="username" required>
+    <input name="username" id="username" maxlength="20" required>
     <br>
     <label for="password">Password</label>
     <input type="password" name="password" id="password" required>
diff --git a/apioforum/templates/user_settings.html b/apioforum/templates/user_settings.html
index cac613a..d463eee 100644
--- a/apioforum/templates/user_settings.html
+++ b/apioforum/templates/user_settings.html
@@ -5,9 +5,9 @@
 <fieldset>
 <legend>change password</legend>
 <label for="password">current password</label>
-<input type="text" id="password" name="password"><br>
+<input type="password" id="password" name="password"><br>
 <label for="new_password">new password</label>
-<input type="text" id="new_password" name="new_password">
+<input type="password" id="new_password" name="new_password">
 </fieldset>
 <fieldset>
 <legend>change bio</legend>