diff --git a/app/routes/auth.js b/app/routes/auth.js
index 6ce4546..7554092 100644
--- a/app/routes/auth.js
+++ b/app/routes/auth.js
@@ -10,10 +10,15 @@ var Invite = require('../models/Invite.js');
 var passport = require('passport');
+var striptags = require('striptags');
+
 function checkUsername(username, callback) {
+ if (username.length > 30) return callback(null, false);
+ if (striptags(username) !== username) return callback(null, false);
+
 User.find({username: username}).limit(1).count(function(err, count) {
 if (err) return callback(err);
- count === 0 ? callback(null, true) : callback(null, false);
+ (count === 0) ? callback(null, true) : callback(null, false);
 });
 }
@@ -48,7 +53,7 @@ router.post('/register', function(req, res) {
 }
 }, function(err, result) {
 if (!result.userCheck) {
- res.status(401).json({'message': 'Username in use.'});
+ res.status(401).json({'message': 'Invalid username.'});
 } else if (!result.inviteCheck.valid) {
 res.status(401).json({'message': 'Invalid invite code.'});
 } else {
diff --git a/test/api.js b/test/api.js
index 3efc285..c919ea9 100644
--- a/test/api.js
+++ b/test/api.js
@@ -28,7 +28,7 @@ before(function (done) {
 code: 'TestCode2'
 }, {
 code: 'TestCode3',
- exp: new Date() - 1
+ exp: new Date()
 }
 ], cb);
 }
diff --git a/test/testUtil.js b/test/testUtil.js
index aec1690..1a2be1e 100644
--- a/test/testUtil.js
+++ b/test/testUtil.js
@@ -14,6 +14,9 @@ var app = require('../server');
 var server = app.server;
 var db = app.db;
+var should = chai.should;
+var expect = chai.expect;
+
 chai.use(http);
 //---------------- DATABASE UTIL ----------------//
@@ -80,7 +83,7 @@ var verifyFailedUserRegister = function(user, done) {
 register(user, function (err, res) {
 res.should.have.status(401);
 res.body.should.be.a('object');
- res.body.should.have.property('message').eql('Username in use.');
+ res.body.should.have.property('message').eql('Invalid username.');
 done();
 });
 };
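Review bot: The two new guards at the top of checkUsername assume `username` is a string; for an absent or non-string body field, `username.length` and `striptags(username)` operate on that value and nothing in this hunk defines the result, so the function should open with `if (typeof username !== 'string') return callback(null, false);`. Rejecting only input that striptags would alter is a denylist; an allowlist such as `if (!/^[A-Za-z0-9_]{1,30}$/.test(username)) return callback(null, false);` would express the length and markup rules in one line and drop the striptags dependency from this path, provided the product does not need other characters in usernames. The ternary on the changed line exists only for its side effect and reads more directly as `callback(null, count === 0);`. checkUsername's callers are outside the hunk, so whether a non-string value can actually reach it is inferred, not shown.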
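Review bot: After this change `!result.userCheck` stands for three different causes (too long, contains markup, already taken) and the client receives the same 401 and the same text for all of them. If collapsing "taken" and "malformed" into one message is deliberate so the endpoint does not confirm which usernames already exist, that intent should be recorded next to the response, e.g. `// One message for "taken" and "malformed" on purpose: do not reveal which usernames exist.`; if it is not deliberate, the client can no longer tell the user what to fix. A malformed field is a request error rather than an authentication failure, so 400 would fit better than 401, though changing it means updating verifyFailedUserRegister in test/testUtil.js. The enclosing router.post callback starts and ends outside the hunk.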
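Review bot: `exp: new Date()` sets TestCode3's expiry to the instant the fixture is built, so whether that code counts as expired now depends on whether the validity check uses `<` or `<=` and on how much time passes before the request; the check itself is not in this diff, so its purpose is inferred from the field name. The previous `new Date() - 1` evaluated to a number rather than a Date, which is presumably why it was changed; a value that is unambiguously in the past keeps the intent without the race, e.g. `exp: new Date(Date.now() - 1000)`. The before hook continues outside the hunk.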
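Review bot: `var should = chai.should;` stores the should-installer without calling it; `chai.should` is a function that must be invoked as `chai.should()` to add `.should` to objects, and nothing in this diff uses the `should` variable. The existing `res.should...` assertions in this file therefore depend on a call made somewhere not shown here, so either remove this line or replace it with `chai.should();` where the test setup is meant to happen. `expect` is used by the new verifySuccessfulUpload assertion, so that line is fine.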
@@ -160,9 +163,9 @@ var verifySuccessfulUpload = function(user, done) {
 loginUpload(user, function(err, res) {
 res.should.have.status(200);
 res.body.should.have.be.a('object');
+ res.body.should.have.property('url');
 res.body.should.have.property('name');
- res.body.should.have.property('oname');
- res.body.should.have.property('created');
+ expect(res.body.name).to.match(/^[a-z]{6}$/);
 done();
 });
 };
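Review bot: `expect(res.body.name).to.match(/^[a-z]{6}$/)` pins the upload's `name` to exactly six lowercase letters, which ties the test to the generator's output format rather than to what the response must guarantee; if that format is a contract, say so above the assertion, e.g. `// name is the upload's public identifier: exactly 6 lowercase letters`. Six lowercase letters give roughly 3.1×10^8 values, so if `name` is also the path under which the upload is served (the new `url` assertion hints at that, but the route is not in this diff) the namespace is small enough that valid uploads can be found by enumeration; worth confirming the generator uses a cryptographic random source and that access to an upload does not rest on the slug alone. The removed `oname` and `created` assertions drop coverage of those fields, which is fine only if the response no longer carries them.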