bloom-legacy icon indicating copy to clipboard operation
bloom-legacy copied to clipboard

Published 20 hours ago verified publisher icon skerkour

Check username availability in realtime during registration

Open sylvain101010 opened this issue 5 years ago • 1 comments

problems:

  • [ ] prevent username enumeration
  • [ ] prevent DOS

sylvain101010 avatar Oct 28 '20 11:10 sylvain101010

let's go!

The frontend component to modify is: https://gitlab.com/bloom42/bloom/blob/dev/webapp/src/bloom/kernel/components/SetupUsernameForm.vue

also you may have to add a backend endpoint to check if username is available (https://gitlab.com/bloom42/bloom/tree/dev/server/kernel/src/myaccount).

The endpoint should be prevent bruteforce.

Also, on the frontend side, requests should be throttled to not request the backend at each input modification, but rather ~1.5 second after no input modification.

sylvain101010 avatar Oct 28 '20 11:10 sylvain101010