fix: add character validation on user creation (#1653)

CityOfDetroit · Feb 28, 2024 · 8e7ed3a · 8e7ed3a
1 parent bad8bae
commit 8e7ed3a
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/backend/core/src/auth/services/user.service.ts b/backend/core/src/auth/services/user.service.ts
@@ -1,6 +1,7 @@
 import {
   BadRequestException,
   HttpException,
+  HttpStatus,
   Injectable,
   NotFoundException,
   Scope,
@@ -409,11 +410,21 @@ export class UserService {
     return await this.userRepository.save(newUser)
   }
 
+  containsInvalidCharacters(value: string): boolean {
+    return value.includes(".") || value.includes("http")
+  }
+
   public async createPublicUser(
     dto: UserCreateDto,
     authContext: AuthContext,
     sendWelcomeEmail = false
   ) {
+    if (
+      this.containsInvalidCharacters(dto.firstName) ||
+      this.containsInvalidCharacters(dto.lastName)
+    ) {
+      throw new HttpException("Forbidden", HttpStatus.FORBIDDEN)
+    }
     const newUser = await this._createUser(
       {
         ...dto,