From b216c72bdaf932f0d29738fc4714e37058a9601b Mon Sep 17 00:00:00 2001 From: TomatoCake <60300461+DEVTomatoCake@users.noreply.github.com> Date: Thu, 29 Aug 2024 10:40:18 +0200 Subject: [PATCH] Fixes for password, mfa code & email validation --- assets/openapi.json | Bin 612567 -> 613679 bytes assets/schemas.json | Bin 22134205 -> 22134951 bytes .../schemas/ApplicationAuthorizeSchema.ts | 10 +++++++--- .../schemas/BackupCodesChallengeSchema.ts | 10 +++++++--- src/util/schemas/LoginSchema.ts | 10 +++++++--- src/util/schemas/MfaCodesSchema.ts | 10 +++++++--- src/util/schemas/PasswordResetSchema.ts | 10 +++++++--- src/util/schemas/TotpDisableSchema.ts | 10 +++++++--- src/util/schemas/TotpEnableSchema.ts | 14 +++++++++++--- src/util/schemas/UserModifySchema.ts | 15 +++++++++++++++ 10 files changed, 68 insertions(+), 21 deletions(-) 
diff --git a/assets/openapi.json b/assets/openapi.json index b6544d27b11cf8574a987e84c7b9a4e84733cb34..b1818f4baec8b03972fb897f84816ec638488f1f 100644 GIT binary patch delta 301 zcmcb~HT?h+OU`ryCQg>kv-vi1fYg*tcTi#u zm~JP>tl#`Wy#0eX3m?weM^iSVl!>E8=^#&^@+wC9xnb-3}thgP|tVKZ2Finm=%cGfS7%I*VLQDL5}4Kr`D!4lT#dbgPM zr!Nm+o&+)mEaEVWIdXeR5c39pkkIsvNz7U(a?{_)u*A17NMQzImhB5tSVNqqH_TyC UX+O7|6^Pk@n0@=XjbJnwI;L<(^umS?Z|OxRhv^4_9m| z*IdGEQqe)9QM1*uv|I?wtjr}#D@^_V@Gm^a{`h>)J@4Ij-@Es`110{@P4kX~?wS>1 zO!7Iy4NqENRIX)kpedqsnC%LRF|3~80fs%(Y~Fn%WN+~Oc{@^PT8)4LXHx0i1(ry+ zCDMd)2tXi$U`8-PP#&QOLpUN(0TodRTB95i8mNg{sEs;^fdy97MJ(b_ z5B1Ri4bcdV(F9G=%xj5^A80MRnPj&oF&+tMjuuEn5?Z1aTB8lxq8-|!13ID;Y+g^I zJ#WQ>3%mSwx69ud4kUYB{w_yvKQJkGgd^RwG+PH1R+xgWNJTevhZ8-}6TQ$IeUOH9 zWFQlL(GUIc2nJvv9>rrAguxhsp%{kY-mtxV;a%imH{Qb@ybmuvz+UXbe&pi-4#I~59KvCIh(de>KaSuij^Se* z$0zs{pW$JmaS6ZRSNw*{ z_#Ibp71wYbf8YlG#9z3HTlgFQ;9r#BHvYpM++C7yH)TO7rvxa0N|0h!f|U@Zyb`K} zDd9?lQbDPxR8k_9%1V?{MX9P(Q>rV`N)4r^QcJ0=)KOv-i(*ykDzQqOQctO`G*B8U zjg-bp6Q!xrOo>+#l;%ncB~eLIS}LuS)=C?tt8hkE-IVT%Q|Y1fRC+1Bl|D+ElCET!eEIfFlWFcfA~xL5 delta 1590 zcmY+>dtA+T9LMp;5p_B$MTw|X?n;#VrBf-nY^S(?Im7eF9X>{s3j#L4D}I? z255)~M4}NIqY0X#8JeR7TA~$N+fyQ>|O#WF0%3ams1 zR$(>PU@g{RJ-){e$ixP0#3pRUkJy5(*oN)cft}ce-PnV@*atg)!hRgUK^($iWFZ?z zkb|Fb6uCHth0{2Lvp9!*oW}+Hii@~}%eaE8xQ6Svf!}Zww{RPGa2LPh z58T6j{E5Ht01xpu3h)p9#UngMA)cTJ|KTZ~;W_@t3%tZD6yr7CpagH{WX2fgK`Es; zDW#P%inHRP7!_B=q?A?M6nDi#DW`ZUUP^hTg5s_CC>0f7rIJ!v@l&cORTY0FKnYZ; zDM3oG5~5UBYA7|8T1suDj#5{tr-UkDN_{0SDb1A@N=v1c y(prg9%u2N4IK)^zwNc`fc%`k9ptMukD;<=MN+%^z>8x~7x*D=GW4aj(sqX;l;M61l diff --git a/src/util/schemas/ApplicationAuthorizeSchema.ts b/src/util/schemas/ApplicationAuthorizeSchema.ts index bf7998e2..04b7b1ea 100644 --- a/src/util/schemas/ApplicationAuthorizeSchema.ts +++ b/src/util/schemas/ApplicationAuthorizeSchema.ts 
@@ -1,17 +1,17 @@ /* Spacebar: A FOSS re-implementation and extension of the Discord.com backend. Copyright (C) 2023 Spacebar and Spacebar Contributors - + This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. - + You should have received a copy of the GNU Affero General Public License along with this program. If not, see . */ @@ -21,5 +21,9 @@ export interface ApplicationAuthorizeSchema { guild_id: string; permissions: string; captcha_key?: string; + /** + * @minLength 6 + * @maxLength 6 + */ code?: string; // 2fa code } diff --git a/src/util/schemas/BackupCodesChallengeSchema.ts b/src/util/schemas/BackupCodesChallengeSchema.ts index 9ac37518..25f1b707 100644 --- a/src/util/schemas/BackupCodesChallengeSchema.ts +++ b/src/util/schemas/BackupCodesChallengeSchema.ts 
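Review bot: The new `@minLength 6` / `@maxLength 6` on `code` in ApplicationAuthorizeSchema fixes only the length, so any six characters (letters, spaces) pass schema validation and reach the TOTP check. Adding `@pattern ^[0-9]{6}$` above `code?: string;` would reject non-numeric input at the boundary. The same applies to the `code` fields in TotpDisableSchema, TotpEnableSchema and UserModifySchema. If any of these routes also accepts backup codes in `code`, which the diff does not show, a fixed length of 6 would reject them and the constraint has to allow both shapes. The interface begins above this hunk.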
@@ -1,21 +1,25 @@ /* Spacebar: A FOSS re-implementation and extension of the Discord.com backend. Copyright (C) 2023 Spacebar and Spacebar Contributors - + This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. - + You should have received a copy of the GNU Affero General Public License along with this program. If not, see . */ export interface BackupCodesChallengeSchema { + /** + * @minLength 1 + * @maxLength 72 + */ password: string; } diff --git a/src/util/schemas/LoginSchema.ts b/src/util/schemas/LoginSchema.ts index aec8272d..55b6a020 100644 --- a/src/util/schemas/LoginSchema.ts +++ b/src/util/schemas/LoginSchema.ts @@ -1,23 +1,27 @@ /* Spacebar: A FOSS re-implementation and extension of the Discord.com backend. Copyright (C) 2023 Spacebar and Spacebar Contributors - + This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. - + You should have received a copy of the GNU Affero General Public License along with this program. If not, see . */ export interface LoginSchema { login: string; + /** + * @minLength 1 + * @maxLength 72 + */ password: string; undelete?: boolean; captcha_key?: string; 
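Review bot: `@maxLength 72` on `password` in BackupCodesChallengeSchema counts characters, not bytes. If 72 was chosen to match bcrypt's 72-byte input limit (the hashing code is not part of this diff), a password of 72 non-ASCII characters still exceeds it and would be truncated before hashing. A byte-length check in the handler, e.g. `Buffer.byteLength(password, "utf8") <= 72`, closes that gap. The number is also unexplained; a line such as `* Capped at 72 because the password hash ignores input beyond that length.` in the doc block would help, adjusted to the real reason. The same annotation is repeated in LoginSchema, MfaCodesSchema, PasswordResetSchema, TotpEnableSchema and UserModifySchema.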
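Review bot: Capping `password` at 72 in LoginSchema rejects the request before credentials are compared, so an account whose password was set with more than 72 characters before this change can no longer log in, even though a truncating hash such as bcrypt would still accept it. Whether registration or password change enforced the same cap earlier is not visible here. If they did not, keep the limit on the fields that set a password (`PasswordResetSchema.password`, `UserModifySchema.new_password`) and leave the verification fields with `@minLength 1` only. The same concern applies to the `password` fields in BackupCodesChallengeSchema, MfaCodesSchema, TotpEnableSchema and UserModifySchema. The interface continues below the hunk.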
diff --git a/src/util/schemas/MfaCodesSchema.ts b/src/util/schemas/MfaCodesSchema.ts index 9104fa5c..1f66f08c 100644 --- a/src/util/schemas/MfaCodesSchema.ts +++ b/src/util/schemas/MfaCodesSchema.ts @@ -1,22 +1,26 @@ /* Spacebar: A FOSS re-implementation and extension of the Discord.com backend. Copyright (C) 2023 Spacebar and Spacebar Contributors - + This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. - + You should have received a copy of the GNU Affero General Public License along with this program. If not, see . */ export interface MfaCodesSchema { + /** + * @minLength 1 + * @maxLength 72 + */ password: string; regenerate?: boolean; } diff --git a/src/util/schemas/PasswordResetSchema.ts b/src/util/schemas/PasswordResetSchema.ts index 7c6b71a5..15489a91 100644 --- a/src/util/schemas/PasswordResetSchema.ts +++ b/src/util/schemas/PasswordResetSchema.ts 
@@ -1,22 +1,26 @@ /* Spacebar: A FOSS re-implementation and extension of the Discord.com backend. Copyright (C) 2023 Spacebar and Spacebar Contributors - + This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. - + You should have received a copy of the GNU Affero General Public License along with this program. If not, see . */ export interface PasswordResetSchema { + /** + * @minLength 1 + * @maxLength 72 + */ password: string; token: string; } diff --git a/src/util/schemas/TotpDisableSchema.ts b/src/util/schemas/TotpDisableSchema.ts index 0bc0b8b2..29706f48 100644 --- a/src/util/schemas/TotpDisableSchema.ts +++ b/src/util/schemas/TotpDisableSchema.ts @@ -1,21 +1,25 @@ /* Spacebar: A FOSS re-implementation and extension of the Discord.com backend. Copyright (C) 2023 Spacebar and Spacebar Contributors - + This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. - + You should have received a copy of the GNU Affero General Public License along with this program. If not, see . */ export interface TotpDisableSchema { + /** + * @minLength 6 + * @maxLength 6 + */ code: string; } 
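Review bot: `@minLength 1` on `PasswordResetSchema.password` only rules out the empty string, so a one-character new password passes schema validation. Unless the reset handler applies the instance's password policy (not visible in this diff), the minimum should match the one used at registration, e.g. `@minLength 8` with 8 standing in for the project's actual value. `UserModifySchema.new_password` carries the same annotation.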
diff --git a/src/util/schemas/TotpEnableSchema.ts b/src/util/schemas/TotpEnableSchema.ts index 39c09eed..a80e06ac 100644 --- a/src/util/schemas/TotpEnableSchema.ts +++ b/src/util/schemas/TotpEnableSchema.ts @@ -1,23 +1,31 @@ /* Spacebar: A FOSS re-implementation and extension of the Discord.com backend. Copyright (C) 2023 Spacebar and Spacebar Contributors - + This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. - + You should have received a copy of the GNU Affero General Public License along with this program. If not, see . */ export interface TotpEnableSchema { + /** + * @minLength 1 + * @maxLength 72 + */ password: string; + /** + * @minLength 6 + * @maxLength 6 + */ code?: string; secret?: string; } diff --git a/src/util/schemas/UserModifySchema.ts b/src/util/schemas/UserModifySchema.ts index e4ed1071..6d2998eb 100644 --- a/src/util/schemas/UserModifySchema.ts +++ b/src/util/schemas/UserModifySchema.ts @@ -25,9 +25,24 @@ export interface UserModifySchema { bio?: string; accent_color?: number; banner?: string | null; + /** + * @minLength 1 + * @maxLength 72 + */ password?: string; + /** + * @minLength 1 + * @maxLength 72 + */ new_password?: string; + /** + * @minLength 6 + * @maxLength 6 + */ code?: string; + /** + * @TJS-format email + */ email?: string; /** * @minLength 4
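Review bot: `@TJS-format email` on `email` in UserModifySchema only takes effect if the validator that consumes schemas.json has the `email` format registered. With Ajv, for instance, formats come from the separate ajv-formats package, and an unregistered format is either ignored or rejected at compile time depending on strictness. The validator setup is outside this diff, so it is worth confirming with a test that a malformed address is actually refused. `email` also has no `@maxLength`, unlike the password fields added beside it. The interface starts above and continues below this hunk.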