From d6a501f471bcc508e1090665333dc798c21d6586 Mon Sep 17 00:00:00 2001
From: Adam Barnhard <admbarn@gmail.com>
Date: Sat, 1 Nov 2014 15:10:52 -0500
Subject: [PATCH] added alias character check to backend user model

---
 server/models/user.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/server/models/user.js b/server/models/user.js
index fcf52a8..a1848e5 100644
--- a/server/models/user.js
+++ b/server/models/user.js
@@ -17,7 +17,9 @@ User.findById = function(id, cb){
 
 User.register = function(o, cb){
   User.collection.find({$or:[{email:o.email},{alias:o.alias}]}).toArray(function(err, users){
-    if(users.length || o.password.length < 3){return cb();}
+    var regEx = /^[\w]*$/;
+    // if user was found, password is less than 3 chars, or alias contains non-alphanumeric chars, break & return
+    if(users.length || o.password.length < 3 || !o.alias.match(regEx)){return cb();}
     o.password = bcrypt.hashSync(o.password, 10);
     User.collection.save(o, cb);
   });