From 66c5c6e62dcc8fe48bab266f937ab80d7272c0c8 Mon Sep 17 00:00:00 2001
From: Jesse Wierzbinski <contact@cpluspatch.com>
Date: Thu, 21 Nov 2024 09:31:37 +0100
Subject: [PATCH] fix(api): :bug: Also validate other username characters in
 username changes

---
 api/api/v1/accounts/update_credentials/index.ts | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/api/api/v1/accounts/update_credentials/index.ts b/api/api/v1/accounts/update_credentials/index.ts
index 8e7d3af9..57c9165a 100644
--- a/api/api/v1/accounts/update_credentials/index.ts
+++ b/api/api/v1/accounts/update_credentials/index.ts
@@ -47,6 +47,10 @@ export const schemas = {
             .trim()
             .max(config.validation.max_username_size)
             .toLowerCase()
+            .regex(
+                /^[a-z0-9_-]+$/,
+                "Username can only contain letters, numbers, underscores and hyphens",
+            )
             .refine(
                 (s) =>
                     !config.filters.username.some((filter) => s.match(filter)),