Enhance registration process by adding input validation for username and password length, improve error handling for missing JSON data, and include API key in successful registration response.

routes/login.py

@@ -1,3 +1,5 @@
+"""Module to handle the login process."""
+
 from flask import Blueprint, request, jsonify, session
 from custom_functions.database.user_db import verify_user
 
@@ -9,37 +11,32 @@ login_bp = Blueprint(
 
 @login_bp.route("/login", methods=["POST"])
 def login():
-    if request.method == "POST":
-        data = request.get_json()
-        for required_field in ["username", "password"]:
-            if required_field not in data:
-                return (
-                    jsonify({"error": f"Missing required field: {required_field}"}),
-                    400,
-                )
+    """Handle the login process."""
+    data = request.get_json()
+    for required_field in ["username", "password"]:
+        if required_field not in data:
+            return (
+                jsonify({"error": f"Missing required field: {required_field}"}),
+                400,
+            )
 
-        if verify_user(data["username"], data["password"]):
-            session["username"] = data[
-                "username"
-            ].lower()  # Stored securely in a signed cookie
-            return jsonify({"message": "Successfully logged in!"})
-        else:
-            return jsonify({"error": "Invalid username or password!"}), 401
+    if verify_user(data["username"], data["password"]):
+        session["username"] = data[
+            "username"
+        ].lower()  # Stored securely in a signed cookie
+        return jsonify({"message": "Successfully logged in!"})
+    return jsonify({"error": "Invalid username or password!"}), 401
 
 
 @login_bp.route("/login/status", methods=["POST"])
 def login_status():
-    try:
-        username = session.get("username")
-        if username:
-            return jsonify({"message": "True"})
-        else:
-            return jsonify({"message": "False"})
-    except:
-        return jsonify({"message": "False"})
+    """Check if the user is logged in."""
+    username = session.get("username")
+    return jsonify({"message": "True" if username else "False"})
 
 
 @login_bp.route("/logout", methods=["POST"])
 def logout():
+    """Logout the user."""
     session.pop("username", None)
     return jsonify({"message": "Successfully logged out!"})

routes/register.py

@@ -1,7 +1,9 @@
+"""Module to handle the register process."""
+
 import re
+import uuid
 from flask import Blueprint, request, jsonify
 from custom_functions.database.user_db import add_user
-import uuid
 
 register_bp = Blueprint("register_bp", __name__)
 
@@ -11,20 +13,26 @@ PASSWORD_REGEX = re.compile(r"^\S+$")
 
 @register_bp.route("/register", methods=["POST"])
 def register():
-    if request.method != "POST":
-        return jsonify({"error": "Method not supported"}), 405
-
+    """Handle the register process."""
     data = request.get_json()
+    if data is None:
+        return jsonify({"error": "Invalid or missing JSON in request body."}), 400
 
     # Check required fields
     for required_field in ["username", "password"]:
         if required_field not in data:
             return jsonify({"error": f"Missing required field: {required_field}"}), 400
 
-    username = data["username"]
+    username = data["username"].lower()
     password = data["password"]
     api_key = str(uuid.uuid4())
 
+    # Length checks
+    if not (3 <= len(username) <= 32):
+        return jsonify({"error": "Username must be 3-32 characters."}), 400
+    if not (8 <= len(password) <= 128):
+        return jsonify({"error": "Password must be 8-128 characters."}), 400
+
     # Validate username and password
     if not USERNAME_REGEX.fullmatch(username):
         return (
@@ -41,6 +49,8 @@ def register():
 
     # Attempt to add user
     if add_user(username, password, api_key):
-        return jsonify({"message": "User successfully registered!"}), 201
-    else:
-        return jsonify({"error": "User already exists!"}), 409
+        return (
+            jsonify({"message": "User successfully registered!", "api_key": api_key}),
+            201,
+        )
+    return jsonify({"error": "User already exists!"}), 409