From e506f0132ee4bde6725f2b4cce800bf686ccfe23 Mon Sep 17 00:00:00 2001
From: Marcus0410
Date: Wed, 26 Feb 2025 09:49:48 +0100
Subject: [PATCH 1/2] implemented email format validation
---
 src/controllers/user.js | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/controllers/user.js b/src/controllers/user.js
index 40ff0f1c..f195183c 100644
--- a/src/controllers/user.js
+++ b/src/controllers/user.js
@@ -4,6 +4,11 @@ import { sendDataResponse, sendMessageResponse } from '../utils/responses.js'
 export const create = async (req, res) => {
 const userToCreate = await User.fromJson(req.body)
+ const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/
+ if (!emailRegex.test(userToCreate.email)) {
+ return sendDataResponse(res, 400, { email: 'Invalid email format' })
+ }
+
 try {
 const existingUser = await User.findByEmail(userToCreate.email)
From 66c1dac2691111f21190d868c6d0321cbe60e87e Mon Sep 17 00:00:00 2001
From: Marcus0410
Date: Wed, 26 Feb 2025 10:31:01 +0100
Subject: [PATCH 2/2] implemented password validation
---
 src/controllers/user.js | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/src/controllers/user.js b/src/controllers/user.js
index f195183c..f261ade0 100644
--- a/src/controllers/user.js
+++ b/src/controllers/user.js
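Review bot: In the [PATCH 1/2] hunk, `emailRegex.test(userToCreate.email)` is applied to a value whose type and length are never checked, unless `User.fromJson` already does so (not visible here). `test` string-coerces its argument, and because `[^\s@]` also matches `.`, the `[^\s@]+\.[^\s@]+` tail can backtrack quadratically on a long non-matching string, so an oversized `email` field costs CPU before it is rejected. I would bound it first: `const { email } = userToCreate` then `if (typeof email !== 'string' || email.length > 254 || !emailRegex.test(email)) {`. `create` continues past the end of the hunk, so whether a later step re-validates the address cannot be seen from here.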
@@ -2,13 +2,28 @@ import User from '../domain/user.js'
 import { sendDataResponse, sendMessageResponse } from '../utils/responses.js'
 export const create = async (req, res) => {
+ const rawPassword = req.body.password
 const userToCreate = await User.fromJson(req.body)
+ // validate email format
 const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/
 if (!emailRegex.test(userToCreate.email)) {
 return sendDataResponse(res, 400, { email: 'Invalid email format' })
 }
+ // validate password format
+ // - At least 8 characters in length
+ // - Contains at least one uppercase letter
+ // - Contains at least one number
+ // - Contains at least one special character
+ const passwordRegex = /^(?=.*[A-Z])(?=.*\d)(?=.*[^A-Za-z0-9]).{8,}$/
+ if (!passwordRegex.test(rawPassword)) {
+ return sendDataResponse(res, 400, {
+ password:
+ 'Password must be at least 8 characters long, contain at least one uppercase letter, one number, and one special character'
+ })
+ }
+
 try {
 const existingUser = await User.findByEmail(userToCreate.email)
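Review bot: The password check in `create` runs only after `await User.fromJson(req.body)` has already processed the body, and that call sits outside the `try` block that opens at the end of the hunk. Capturing `rawPassword` separately suggests `fromJson` hashes the password (not visible here); if so, every rejected request still pays for the hash, and a missing or non-string `password` may make `fromJson` reject before the handler can answer with a 400. `passwordRegex.test(rawPassword)` also string-coerces its argument, so a non-string JSON value is judged on its stringified form rather than refused. I would move both format checks above the `fromJson` call and guard the type: `if (typeof rawPassword !== 'string' || !passwordRegex.test(rawPassword)) {`. An upper length bound is worth adding as well, since some password hashes (bcrypt, for one) ignore input past 72 bytes; the rest of `create` lies outside the hunk.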