Reputation: 216
I am using Parse to handle user registration in the Swift app I am building. To get started I have been following this tutorial: http://blog.bizzi-body.com/2015/02/10/ios-swift-1-2-parse-com-tutorial-users-sign-up-sign-in-and-securing-data-part-3-or-3/
In the end it states that I should consider adding: "Form validation, you really must add validation to every place a user can type something."
My sign up code currently looks like this:
    @IBAction func signUp(sender: AnyObject) {
        self.processSignUp()
    }

    func processSignUp() {
        var userEmailAddress = emailAddress.text
        var userPassword = password.text
        // Ensure username is lowercase
        userEmailAddress = userEmailAddress.lowercaseString
        // Create the user
        var user = PFUser()
        user.username = userEmailAddress
        user.password = userPassword
        user.email = userEmailAddress
        user.signUpInBackgroundWithBlock {
            (succeeded: Bool, error: NSError?) -> Void in
            if error == nil {
                dispatch_async(dispatch_get_main_queue()) {
                    self.performSegueWithIdentifier("signInToNavigation", sender: self)
                }
            } else {
                self.activityIndicator.stopAnimating()
                if let message: AnyObject = error!.userInfo!["error"] {
                    self.message.text = "\(message)"
                }
            }
        }
    }
I am wondering whether I need to add any extra validation of what is input by the user, or if this sort of validation is not necessary when handling registrations with Parse.
Thank you for your time!
Upvotes: 1
Views: 624
Reputation: 1485
I use the following library. https://github.com/jpotts18/SwiftValidator
It's really easy to implement and covers everything I've needed so far. I really recommend it.
For your sign up I recommend that you validate the username/email field and the password field.
Simple validation like: not blank, valid email address, trim data of spaces, remove quotation marks (all types), remove line feeds (unless it's a multi-line field/column).
The point I was trying to make in the blog post was: if you have a public form (even where the user has signed in in order to access the form) there will be some users who choose to mess with the data they enter. This "messed with" data might impact other users. It might impact other applications downstream, i.e. it might cause a security breach if the data ends up in a system where the data is injected into a database or other system. Basically my rule of thumb is... trust no one.
Good luck!
Upvotes: 0
Reputation: 11757
I made a library to handle validations in an easy way with a lot of already written validations (email, includes, excludes, max chars, min chars, etc)... so it's super easy to test if an email is valid, or amount of characters or stuff like that.
The library is on GitHub and is full of examples: SwiftCop
If you just want to test if an email is valid you can do something like this:
    let emailTrial = Trial.Email
    let trial = emailTrial.trial()
    // "user@example.com" is a placeholder address
    if trial(evidence: "user@example.com") {
        print("valid email")
    }
The library provides a full solution to work with forms but you can just use the validations if you want...
Upvotes: 1
Reputation: 616
Parse does have some validation in place that checks for a valid email, but does not provide anything else. To make sure users do not enter an empty or 3 digit password, you should probably add some password validation for length or maybe also to match certain criteria (upper/lowercase/numbers). Also - to make things significantly quicker - I would add email validation as well. You can have a look at this question for some implementation tips.
Upvotes: 1
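The checks the answers above list (not blank, valid email shape, trimmed, quotation marks and line feeds removed, password length and character mix) can be combined into one function that runs before `signUpInBackgroundWithBlock` is called. This is an added example, not code from any of the posters or from the libraries they mention; it uses current Swift syntax rather than the Swift 1.2 of the question. The names `SignUpError`, `SignUpInput` and `validateSignUp`, the minimum length of 8 and the email pattern are assumptions.

```swift
import Foundation

enum SignUpError: Error, Equatable {
    case emptyEmail, invalidEmail, passwordTooShort(minimum: Int), passwordTooWeak
}

struct SignUpInput {
    let email: String      // normalized: trimmed, lowercased, no quotes or line feeds
    let password: String   // checked but never altered, so the user's secret is stored as typed
}

/// Hypothetical helper: normalizes and validates the two sign-up fields.
/// The default minimum password length is an assumption, not a Parse requirement.
func validateSignUp(email rawEmail: String, password: String,
                    minimumPasswordLength: Int = 8) -> Result<SignUpInput, SignUpError> {
    // Strip line feeds and the common straight/curly quotation marks, then trim and lowercase.
    let unwanted = CharacterSet.newlines.union(
        CharacterSet(charactersIn: "\"'`\u{2018}\u{2019}\u{201C}\u{201D}"))
    let kept = rawEmail.unicodeScalars.filter { !unwanted.contains($0) }
    let email = String(String.UnicodeScalarView(kept))
        .trimmingCharacters(in: .whitespaces)
        .lowercased()

    guard !email.isEmpty else { return .failure(.emptyEmail) }

    // Deliberately simple shape check: one "@", no whitespace, a dotted domain.
    let pattern = "^[^@\\s]+@[^@\\s]+\\.[^@\\s.]+$"
    guard email.range(of: pattern, options: .regularExpression) != nil else {
        return .failure(.invalidEmail)
    }

    guard password.count >= minimumPasswordLength else {
        return .failure(.passwordTooShort(minimum: minimumPasswordLength))
    }
    let hasUpper = password.rangeOfCharacter(from: .uppercaseLetters) != nil
    let hasLower = password.rangeOfCharacter(from: .lowercaseLetters) != nil
    let hasDigit = password.rangeOfCharacter(from: .decimalDigits) != nil
    guard hasUpper && hasLower && hasDigit else { return .failure(.passwordTooWeak) }

    return .success(SignUpInput(email: email, password: password))
}

// Constructed sample inputs: one accepted after normalization, two rejected.
print(validateSignUp(email: "  \"Alice@Example.com\"\n", password: "Tr1ckyPassw0rd"))
print(validateSignUp(email: "not-an-email", password: "Tr1ckyPassw0rd"))
print(validateSignUp(email: "bob@example.com", password: "abc"))
```

On `.success`, pass the normalized `email` and the unchanged `password` to `PFUser`; on `.failure`, show a message for the specific case instead of making the network call.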