From c5bc517bed7ab2604b602b54b0f9f89004ad8578 Mon Sep 17 00:00:00 2001
From: Yazeed Loonat <YazeedLoonat@gmail.com>
Date: Tue, 27 Feb 2024 19:22:13 -0700
Subject: [PATCH] feat: limit user names allowed (#3908)

---
 api/src/services/user.service.ts | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/api/src/services/user.service.ts b/api/src/services/user.service.ts
index f6f2719282..599824a520 100644
--- a/api/src/services/user.service.ts
+++ b/api/src/services/user.service.ts
@@ -479,6 +479,15 @@ export class UserService {
     requestingUser: User,
     jurisdictionName?: string,
   ): Promise<User> {
+    if (
+      this.containsInvalidCharacters(dto.firstName) ||
+      this.containsInvalidCharacters(dto.lastName)
+    ) {
+      throw new ForbiddenException(
+        `${dto.firstName} ${dto.lastName} was found to be invalid`,
+      );
+    }
+
     if (forPartners) {
       await this.authorizeAction(
         requestingUser,
@@ -849,4 +858,8 @@ export class UserService {
       return misMatched;
     }, []);
   }
+
+  containsInvalidCharacters(value: string): boolean {
+    return value.includes('.') || value.includes('http');
+  }
 }