Add max username length restriction of 40 chars (#420)

src/AliasVault.Api/Controllers/AuthController.cs

@@ -459,6 +459,7 @@ private static string NormalizeUsername(string username)
     private static (bool IsValid, string ErrorMessage) ValidateUsername(string username)
     {
         const int minimumUsernameLength = 3;
+        const int maximumUsernameLength = 40;
         const string adminUsername = "admin";
 
         if (string.IsNullOrWhiteSpace(username))
@@ -468,7 +469,12 @@ private static (bool IsValid, string ErrorMessage) ValidateUsername(string usern
 
         if (username.Length < minimumUsernameLength)
         {
-            return (false, $"Username must be at least {minimumUsernameLength} characters long.");
+            return (false, $"Username too short: must be at least {minimumUsernameLength} characters long.");
+        }
+
+        if (username.Length > maximumUsernameLength)
+        {
+            return (false, $"Username too long: cannot be longer than {maximumUsernameLength} characters.");
         }
 
         if (string.Equals(username, adminUsername, StringComparison.OrdinalIgnoreCase))

src/Tests/AliasVault.E2ETests/Common/PlaywrightTest.cs

@@ -29,7 +29,7 @@ public abstract class PlaywrightTest
     /// <summary>
     /// Gets or sets random unique account email that is used for the test.
     /// </summary>
-    protected virtual string TestUserUsername { get; set; } = $"{Guid.NewGuid()}@test.com";
+    protected virtual string TestUserUsername { get; set; } = $"{Guid.NewGuid().ToString()[..10]}@test.com";
 
     /// <summary>
     /// Gets or sets random unique account password that is used for the test.

src/Tests/AliasVault.E2ETests/Tests/Client/Shard4/UserSetupTests.cs

@@ -116,4 +116,55 @@ public async Task UserSetupUsernameExistsTest()
         var errorMessage = await WaitForAndGetElement("text='Username is already in use.'");
         Assert.That(errorMessage, Is.Not.Null, "The 'Username is already in use' error message should appear.");
     }
+
+    /// <summary>
+    /// Test if the "Username too short" and "Username too long" error appears when trying to register with an invalid username.
+    /// </summary>
+    /// <returns>Async task.</returns>
+    [Test]
+    [Order(3)]
+    public async Task UserSetupUsernameLengthTest()
+    {
+        // Logout.
+        await Logout();
+        await Page.GotoAsync(AppBaseUrl);
+        await WaitForUrlAsync("user/start", "Create new vault");
+
+        // Click the "Create new vault" anchor tag.
+        var createVaultButton = await WaitForAndGetElement("a:has-text('Create new vault')");
+        await createVaultButton.ClickAsync();
+
+        // Wait for the terms and conditions to load.
+        await WaitForUrlAsync("user/setup", "Terms and Conditions");
+
+        // Accept the terms and conditions.
+        var acceptTermsCheckbox = await WaitForAndGetElement("input[id='agreeTerms']");
+        await acceptTermsCheckbox.CheckAsync();
+
+        // Wait for the continue button to be enabled.
+        await Task.Delay(100);
+
+        // Press the continue button.
+        var continueButton = await WaitForAndGetElement("button:has-text('Continue')");
+        await continueButton.ClickAsync();
+
+        // Wait for the username step to load.
+        await WaitForUrlAsync("user/setup", "Username");
+        var usernameField = await WaitForAndGetElement("input[id='username']");
+        await usernameField.FillAsync("ts"); // Too short username (2 chars)
+
+        // Check if the "Username is too short" error message appears
+        var errorMessage = await WaitForAndGetElement("text='Username too short: must be at least 3 characters long.'");
+        Assert.That(errorMessage, Is.Not.Null, "The 'Username too short' error message should appear.");
+
+        // Clear the username field.
+        await usernameField.FillAsync(string.Empty);
+
+        // Fill in a too long username (41 chars).
+        await usernameField.FillAsync("asdasdasdasdasdasdasdasdasdaaaasasddsdasd"); // Too long username (41 chars)
+
+        // Check if the "Username is too short" error message appears
+        errorMessage = await WaitForAndGetElement("text='Username too long: cannot be longer than 40 characters.'");
+        Assert.That(errorMessage, Is.Not.Null, "The 'Username too long' error message should appear.");
+    }
 }