From dc6558522e111d8a9b7d1ed01351d2ec777b395c Mon Sep 17 00:00:00 2001
From: taoso <tao@zz.ac>
Date: Fri, 27 Mar 2026 01:36:54 +0800
Subject: [PATCH] fix: allow one-char username on signup (#1378)

---
 backend/internal/dto/signup_dto.go       | 2 +-
 backend/internal/dto/user_dto.go         | 2 +-
 backend/internal/dto/validations.go      | 3 ++-
 backend/internal/dto/validations_test.go | 1 +
 frontend/src/lib/utils/zod-util.ts       | 2 +-
 tests/specs/account-settings.spec.ts     | 4 ++--
 6 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/backend/internal/dto/signup_dto.go b/backend/internal/dto/signup_dto.go
index f2ab2c55..a31d3e93 100644
--- a/backend/internal/dto/signup_dto.go
+++ b/backend/internal/dto/signup_dto.go
@@ -1,7 +1,7 @@
 package dto
 
 type SignUpDto struct {
-	Username  string  `json:"username" binding:"required,username,min=2,max=50" unorm:"nfc"`
+	Username  string  `json:"username" binding:"required,username,min=1,max=50" unorm:"nfc"`
 	Email     *string `json:"email" binding:"omitempty,email" unorm:"nfc"`
 	FirstName string  `json:"firstName" binding:"max=50" unorm:"nfc"`
 	LastName  string  `json:"lastName" binding:"max=50" unorm:"nfc"`
diff --git a/backend/internal/dto/user_dto.go b/backend/internal/dto/user_dto.go
index 000b5381..e337528f 100644
--- a/backend/internal/dto/user_dto.go
+++ b/backend/internal/dto/user_dto.go
@@ -23,7 +23,7 @@ type UserDto struct {
 }
 
 type UserCreateDto struct {
-	Username      string   `json:"username" binding:"required,username,min=2,max=50" unorm:"nfc"`
+	Username      string   `json:"username" binding:"required,username,min=1,max=50" unorm:"nfc"`
 	Email         *string  `json:"email" binding:"omitempty,email" unorm:"nfc"`
 	EmailVerified bool     `json:"emailVerified"`
 	FirstName     string   `json:"firstName" binding:"max=50" unorm:"nfc"`
diff --git a/backend/internal/dto/validations.go b/backend/internal/dto/validations.go
index 135706fa..a40973e0 100644
--- a/backend/internal/dto/validations.go
+++ b/backend/internal/dto/validations.go
@@ -13,7 +13,8 @@ import (
 // [a-zA-Z0-9]      : The username must start with an alphanumeric character
 // [a-zA-Z0-9_.@-]* : The rest of the username can contain alphanumeric characters, dots, underscores, hyphens, and "@" symbols
 // [a-zA-Z0-9]$     : The username must end with an alphanumeric character
-var validateUsernameRegex = regexp.MustCompile("^[a-zA-Z0-9][a-zA-Z0-9_.@-]*[a-zA-Z0-9]$")
+// (...)?           : This allows single-character usernames (just one alphanumeric character)
+var validateUsernameRegex = regexp.MustCompile("^[a-zA-Z0-9]([a-zA-Z0-9_.@-]*[a-zA-Z0-9])?$")
 
 var validateClientIDRegex = regexp.MustCompile("^[a-zA-Z0-9._-]+$")
 
diff --git a/backend/internal/dto/validations_test.go b/backend/internal/dto/validations_test.go
index f6449068..b91b3292 100644
--- a/backend/internal/dto/validations_test.go
+++ b/backend/internal/dto/validations_test.go
@@ -20,6 +20,7 @@ func TestValidateUsername(t *testing.T) {
 		{"starts with symbol", ".username", false},
 		{"ends with non-alphanumeric", "username-", false},
 		{"contains space", "user name", false},
+		{"valid single char", "a", true},
 		{"empty", "", false},
 		{"only special chars", "-._@", false},
 		{"valid long", "a1234567890_b.c-d@e", true},
diff --git a/frontend/src/lib/utils/zod-util.ts b/frontend/src/lib/utils/zod-util.ts
index 7bccb5ef..fe3aa45b 100644
--- a/frontend/src/lib/utils/zod-util.ts
+++ b/frontend/src/lib/utils/zod-util.ts
@@ -31,7 +31,7 @@ export const callbackUrlSchema = z
 
 export const usernameSchema = z
 	.string()
-	.min(2)
+	.min(1)
 	.max(30)
 	.regex(/^[a-zA-Z0-9]/, m.username_must_start_with())
 	.regex(/[a-zA-Z0-9]$/, m.username_must_end_with())
diff --git a/tests/specs/account-settings.spec.ts b/tests/specs/account-settings.spec.ts
index 33e12495..b5da2213 100644
--- a/tests/specs/account-settings.spec.ts
+++ b/tests/specs/account-settings.spec.ts
@@ -66,7 +66,7 @@ test('Change Locale', async ({ page }) => {
 	// Check if the validation messages are translated because they are provided by Zod
 	await page.getByRole('textbox', { name: 'Gebruikersnaam' }).fill('');
 	await page.getByRole('button', { name: 'Opslaan' }).click();
-	await expect(page.getByText('Te kort: verwacht dat string >=2 tekens heeft')).toBeVisible();
+	await expect(page.getByText('Te kort: verwacht dat string >=1 tekens heeft')).toBeVisible();
 
 	// Clear all cookies and sign in again to check if the language is still set to Dutch
 	await page.context().clearCookies();
@@ -76,7 +76,7 @@ test('Change Locale', async ({ page }) => {
 
 	await page.getByRole('textbox', { name: 'Gebruikersnaam' }).fill('');
 	await page.getByRole('button', { name: 'Opslaan' }).click();
-	await expect(page.getByText('Te kort: verwacht dat string >=2 tekens heeft')).toBeVisible();
+	await expect(page.getByText('Te kort: verwacht dat string >=1 tekens heeft')).toBeVisible();
 });
 
 test('Add passkey to an account', async ({ page }) => {