Feature/strengthen registration validation

[addz9015]

Which issue does this PR close?

Closes #1524

---

Rationale for This Change

This update strengthens user registration data quality and reduces spam or fake account creation by enforcing stricter validation rules at both the model and API layers.

Restricting registration to @gmail.com addresses reduces disposable-domain abuse for this release and ensures consistent email handling across the application.

Adding structured validation also:

• Surfaces clear, user-facing error messages
• Prevents invalid records from reaching the database
• Enforces consistent data integrity across layers

---

What Changes Are Included in This PR?

1. Model-Level Validation (user.py)

• Enforce full_name (or fallback to username) to match letters and spaces only
• Require email to be a @gmail.com address
• Raise ValueError if validation fails

---

2. Route-Level Validation (routes.py)

• Add validate_email() to enforce Gmail-only addresses

• Update /api/auth/register to enforce:

  • Full-name regex validation

  • Gmail-only email domain

  • Password strength requirements:

    • Minimum length
    • At least one uppercase letter
    • At least one lowercase letter
    • At least one number

• Return appropriate HTTP responses:

  • 400 — Validation failures (descriptive error messages)
  • 409 — User already exists

---

3. Tests Added (test_registration_validation.py)

Unit Tests

• Valid user creation with Gmail + alphabetic full name
• Rejection of numeric characters in full_name
• Rejection of non-Gmail addresses
• Fallback behavior validation

Integration Tests

• Exercise /api/auth/register
• Exercise legacy /api/v1/register endpoint
• Validate Gmail-only enforcement
• Confirm proper HTTP status codes and error messages

---

Files Modified / Added

• user.py
• routes.py
• test_registration_validation.py

---

Are These Changes Tested?

Yes — new unit and integration tests were added in test_registration_validation.py.

Run Tests Locally

From project root:

bash
python -m unittest tests.test_registration_validation

Or run the full test suite:

python -m unittest discover -s tests

Are There Any User-Facing Changes?

Yes.

The registration form and API now:

• Reject non-Gmail email addresses
• Reject names containing numeric or non-letter characters
• Return immediate 400 validation errors with descriptive messages

If client-side validation is enabled, users will also see aligned frontend error messaging.

Notes

This is an incremental, non-breaking change to registration behavior.

It affects users attempting to register with:

• Non-Gmail email addresses
• Names containing numeric or symbol characters

If needed, the validation can be updated to support:

• Additional trusted domains
• A configurable domain whitelist instead of hard-coded Gmail enforcement

Proof

• Email Verification:

• Password Verification:

• Name Verification:

[vercel]

@addz9015 is attempting to deploy a commit to the Om Roy's projects Team on Vercel.

A member of the Team first needs to authorize it.

[github-actions]

Thanks for creating a PR for your Issue! ☺️

We'll review it as soon as possible.
In the meantime, please double-check the file changes and ensure that all commits are accurate.

If there are any unresolved review comments, feel free to resolve them. 🙌🏼

[omroy07]

Comflict

[addz9015]

@omroy07 Have made the required changes please check.

[github-actions]

🎉 Congrats @addz9015 on getting your PR merged! 🙌
Thanks for the contribution — looking forward to more from you 🚀