From 8e7ed3a7f6c08a0ba4b2c5abc792c296993d9981 Mon Sep 17 00:00:00 2001
From: Morgan Ludtke <42942267+ludtkemorgan@users.noreply.github.com>
Date: Wed, 28 Feb 2024 16:24:24 -0600
Subject: [PATCH] fix: add character validation on user creation (#1653)
---
 backend/core/src/auth/services/user.service.ts | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/backend/core/src/auth/services/user.service.ts b/backend/core/src/auth/services/user.service.ts
index b93d89e757..13432e3468 100644
--- a/backend/core/src/auth/services/user.service.ts
+++ b/backend/core/src/auth/services/user.service.ts
@@ -1,6 +1,7 @@
 import {
 BadRequestException,
 HttpException,
+ HttpStatus,
 Injectable,
 NotFoundException,
 Scope,
@@ -409,11 +410,21 @@ export class UserService {
 return await this.userRepository.save(newUser)
 }
 
+ containsInvalidCharacters(value: string): boolean {
+ return value.includes(".") || value.includes("http")
+ }
+
 public async createPublicUser(
 dto: UserCreateDto,
 authContext: AuthContext,
 sendWelcomeEmail = false
 ) {
+ if (
+ this.containsInvalidCharacters(dto.firstName) ||
+ this.containsInvalidCharacters(dto.lastName)
+ ) {
+ throw new HttpException("Forbidden", HttpStatus.FORBIDDEN)
+ }
 const newUser = await this._createUser(
 {
 ...dto,
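Review bot: In `containsInvalidCharacters` the `"http"` match is case-sensitive, and `value.includes` throws a TypeError if `firstName` or `lastName` is absent, so the guard misses `HTTP`/`Http` and can turn a malformed request into a 500 (assuming `UserCreateDto`, not shown here, does not already enforce non-empty strings). A null-safe, case-insensitive form would be `return /\.|http/i.test(value ?? "")`. The two-substring denylist also rejects legitimate names such as "Jr." or "St. John" with an unexplained 403, and only these two fields on this one path are checked. If the intent is to keep links out of the welcome email, an allowlist of name characters on the DTO plus escaping where the name is rendered would be sturdier, and the already-imported `BadRequestException` with a field-specific message fits a validation failure better than `HttpStatus.FORBIDDEN`. The body of `createPublicUser` continues past the end of the hunk; a one-line comment on the helper stating what it is meant to prevent would also help, since its name says "characters" but it tests for a substring.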