From d520e2af98be4f2c0ab076af3b3126ba1d261f4d Mon Sep 17 00:00:00 2001
From: Dylan De Faoite
Date: Tue, 10 Mar 2026 22:48:04 +0000
Subject: [PATCH] fix(auth): missing email and username business rules
---
 server/core/auth.py | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/server/core/auth.py b/server/core/auth.py
index 625c3c2..34bb93c 100644
--- a/server/core/auth.py
+++ b/server/core/auth.py
@@ -1,6 +1,10 @@
+import re
+
 from server.db.database import PostgresConnector
 from flask_bcrypt import Bcrypt
+EMAIL_REGEX = re.compile(r"[^@]+@[^@]+\.[^@]+")
+
 class AuthManager:
 def __init__(self, db: PostgresConnector, bcrypt: Bcrypt):
 self.db = db
@@ -18,6 +22,12 @@ class AuthManager:
 def register_user(self, username, email, password):
 hashed_password = self.bcrypt.generate_password_hash(password).decode("utf-8")
+ if len(username) < 3:
+ raise ValueError("Username must be longer than 3 characters")
+
+ if not EMAIL_REGEX.match(email):
+ raise ValueError("Please enter a valid email address")
+
 if self.get_user_by_email(email):
 raise ValueError("Email already registered")
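Review bot: `EMAIL_REGEX` in the first hunk is only ever tested with `.match()` (second hunk), which anchors the start of the string but not the end, so a value such as `a@b.c@x` (constructed example) is accepted because its prefix matches. `[^@]+` also admits spaces, newlines and other control characters, which matters if the address is later written into a mail header or a log line. Suggest `EMAIL_REGEX = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")` and calling `EMAIL_REGEX.fullmatch(email)` in `register_user`. A one-line comment above the constant, e.g. `# Shape check only; does not prove the address is deliverable`, would keep later readers from treating it as full validation.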
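Review bot: The username check and its message disagree in the second hunk: `len(username) < 3` accepts a three-character name while the error says the name must be longer than 3 characters, so either the comparison or the text should change, e.g. `raise ValueError("Username must be at least 3 characters")`. The length is taken on the raw string, so a name made only of spaces passes and there is no upper bound; `username = username.strip()` before the check would close the first gap, assuming the stored value should be trimmed as well. Both new checks run after `generate_password_hash`, so every rejected request still pays for a bcrypt hash; moving the validation above that line avoids the wasted work. `register_user` continues past the end of the hunk, so any username-uniqueness check further down is not visible here.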