-rw-r--r--README.md2
-rw-r--r--atuin-server/src/handlers/user.rs16
-rw-r--r--docs/docs/commands/sync.md10
3 files changed, 24 insertions, 4 deletions
diff --git a/README.md b/README.md
index 096751357..6b4d2ba4a 100644
--- a/README.md
+++ b/README.md
@@ -100,7 +100,7 @@ Read more below for offline-only usage, or for hosting your own server.
```
bash <(curl https://raw.githubusercontent.com/ellie/atuin/main/install.sh)
-atuin register -u <USERNAME> -e <EMAIL> -p <PASSWORD>
+atuin register -u <USERNAME> -e <EMAIL>
atuin import auto
atuin sync
```
diff --git a/atuin-server/src/handlers/user.rs b/atuin-server/src/handlers/user.rs
index ec2131e12..e67828e45 100644
--- a/atuin-server/src/handlers/user.rs
+++ b/atuin-server/src/handlers/user.rs
@@ -92,6 +92,18 @@ pub async fn register<DB: Database>(
);
}
+ for c in register.username.chars() {
+ match c {
+ 'a'..='z' | 'A'..='Z' | '0'..='9' | '-' => {}
+ _ => {
+ return Err(ErrorResponse::reply(
+ "Only alphanumeric and hyphens (-) are allowed in usernames",
+ )
+ .with_status(StatusCode::BAD_REQUEST))
+ }
+ }
+ }
+
let hashed = hash_secret(&register.password);
let new_user = NewUser {
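Review bot: The added character loop in `register` accepts an empty username, because iterating over zero characters never reaches the rejecting arm. No emptiness or length check is visible in this hunk, though one may exist earlier in the function, which starts and ends outside it. I would fold the check into a single guard, `if register.username.is_empty() || !register.username.chars().all(|c| c.is_ascii_alphanumeric() || c == '-') {`, and keep the existing `BAD_REQUEST` reply as its body. Since both `a..z` and `A..Z` are accepted, it is also worth confirming whether the uniqueness check treats `Alice` and `alice` as the same account, or normalising case before the insert.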
@@ -190,7 +202,9 @@ pub async fn login<DB: Database>(
let verified = verify_str(user.password.as_str(), login.password.borrow());
if !verified {
- return Err(ErrorResponse::reply("user not found").with_status(StatusCode::NOT_FOUND));
+ return Err(
+ ErrorResponse::reply("password is not correct").with_status(StatusCode::UNAUTHORIZED)
+ );
}
Ok(Json(LoginResponse {
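Review bot: The wrong-password branch in `login` now answers with `password is not correct` and 401, where the removed line answered `user not found` with 404. If the unknown-user path earlier in the function (outside this hunk) still returns 404, a client can tell registered usernames from unregistered ones by the response alone. Returning one identical reply from both branches avoids that, for example `ErrorResponse::reply("invalid username or password").with_status(StatusCode::UNAUTHORIZED)`. A short comment above the `verify_str` check saying the two failures are deliberately indistinguishable would keep a later change from splitting them again.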
diff --git a/docs/docs/commands/sync.md b/docs/docs/commands/sync.md
index 8fbb0c474..8cd12c543 100644
--- a/docs/docs/commands/sync.md
+++ b/docs/docs/commands/sync.md
@@ -26,8 +26,11 @@ Register for a sync account with
atuin register -u <USERNAME> -e <EMAIL> -p <PASSWORD>
```
-Usernames must be unique, and emails shall only be used for important
-notifications (security breaches, changes to service, etc).
+If you don't want to have your password be included in shell history, you can omit
+the password flag and you will be prompted to provide it through stdin.
+
+Usernames must be unique and only contain alphanumerics or hyphens,
+and emails shall only be used for important notifications (security breaches, changes to service, etc).
Upon success, you are also logged in :) Syncing should happen automatically from
here!
@@ -62,6 +65,9 @@ If you want to log in to a new machine, you will require your encryption key
atuin login -u <USERNAME> -p <PASSWORD> -k <KEY>
```
+If you don't want to have your password be included in shell history, you can omit
+the password flag and you will be prompted to provide it through stdin.
+
## Logout
```