fix: trim whitespace from username on login and registration (#277)

Add .trim() to both loginSchema and registerSchema Zod validators so leading/trailing spaces are stripped before validation and DB lookup. Includes 5 new test cases covering trim behavior for both endpoints.
2026-02-22 17:51:41 +01:00
parent c620146c4b
commit d0e2ee0783
2 changed files with 82 additions and 1 deletions
@@ -53,6 +53,7 @@ const sensitiveRateLimitConfig = {
 const registerSchema = z.object({
 	username: z
 		.string()
+		.trim()
 		.min(3, "Username must be at least 3 characters")
 		.max(50, "Username must be at most 50 characters")
 		.regex(/^[a-zA-Z0-9_-]+$/, "Username can only contain letters, numbers, underscores, and hyphens"),
@@ -63,7 +64,7 @@ const registerSchema = z.object({
 });

 const loginSchema = z.object({
-	username: z.string().min(1, "Username is required"),
+	username: z.string().trim().min(1, "Username is required"),
 	password: z.string().min(1, "Password is required"),
 	rememberMe: z.boolean().optional().default(false),
 });