From 4359819faf13c731628c88f89c77dee6cc33a1d9 Mon Sep 17 00:00:00 2001
From: kolaente <k@knt.li>
Date: Mon, 16 Dec 2024 23:09:35 +0100
Subject: [PATCH] fix(auth): do not allow commas in usernames

---
 pkg/user/validator.go | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/pkg/user/validator.go b/pkg/user/validator.go
index 160435fd4..d1ebb751b 100644
--- a/pkg/user/validator.go
+++ b/pkg/user/validator.go
@@ -18,18 +18,24 @@ package user
 
 import (
 	"github.com/asaskevich/govalidator"
+	"strings"
 )
 
 func init() {
 	govalidator.TagMap["username"] = func(i string) bool {
-		// To avoid making this overly complicated, we only two things:
+		// To avoid making this overly complicated, we only check three things:
 		// 1. No Spaces
 		// 2. Should not look like an url
+		// 3. Should not contain , (because then it will be impossible to search for)
+		if govalidator.HasWhitespace(i) {
+			return false
+		}
+
 		if govalidator.IsURL(i) {
 			return false
 		}
 
-		if govalidator.HasWhitespace(i) {
+		if strings.Contains(i, ",") {
 			return false
 		}