From 960bdf225f42cbc58fc2f78c0bc5bbea5a247932 Mon Sep 17 00:00:00 2001
From: Christopher De Cairos <christopherd@mozillafoundation.org>
Date: Mon, 16 Sep 2013 15:32:37 -0400
Subject: [PATCH] Bug 916896 - Check for valid usernames

---
 index.js | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/index.js b/index.js
index 5343c3d..01dd706 100644
--- a/index.js
+++ b/index.js
@@ -21,6 +21,8 @@ var request = require( "request" ),
     Fogin = require( "./test/Fogin.js" ),
     persona = require( "express-persona" );
 
+var USERNAME_REGEX = /^[abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789\-\_]{1,20}$/;
+
 /**
  *  Module.exports
  **/
@@ -54,6 +56,10 @@ module.exports = function ( app, options ) {
 
   var loginAPI = {
     getUser: function ( id, callback ) {
+      if ( !USERNAME_REGEX.test( id ) ) {
+        // invalid username
+        return callback( "Invalid Username" );
+      }
       request({
         auth: {
           username: authBits.user,
@@ -88,6 +94,10 @@ module.exports = function ( app, options ) {
       });
     },
     isAdmin: function ( id, callback ) {
+      if ( !USERNAME_REGEX.test( id ) ) {
+        // invalid username
+        return callback( "Invalid Username" );
+      }
       request({
         auth: {
           username: authBits.user,