diff --git a/Cargo.lock b/Cargo.lock
index b9612ce..d015066 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -360,6 +360,7 @@ dependencies = [
  "bcrypt",
  "diesel",
  "r2d2",
+ "regex",
  "rocket",
  "rocket_contrib",
  "serde",
diff --git a/Cargo.toml b/Cargo.toml
index 9983326..717278a 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -15,6 +15,7 @@ publish = true
 [dependencies]
 bcrypt = "0.8.2"
 r2d2 = "0.8.9"
+regex = "1.4.1"
 rocket = "0.4.5"
 serde = "1.0"
 serde_derive = "1.0"
diff --git a/src/forms.rs b/src/forms.rs
index cbe218f..4df6cb4 100644
--- a/src/forms.rs
+++ b/src/forms.rs
@@ -1,3 +1,6 @@
+const PASSWORD_MIN_LENGTH: usize = 8;
+const PASSWORD_MAX_LENGTH: usize = 128;
+
 #[derive(FromForm)]
 pub struct UserSignUp {
     pub username: String,
@@ -6,6 +9,12 @@ pub struct UserSignUp {
 
 impl UserSignUp {
     pub fn is_valid(&self) -> bool {
-        true
+        let username_re = regex::Regex::new(r"^[a-z][a-z0-9]{3,}$").unwrap();
+        let not_password_re = regex::Regex::new(r"^\s*$").unwrap();
+
+        username_re.is_match(self.username.as_str()) &&
+            !not_password_re.is_match(self.password.as_str()) &&
+            self.password.len() >= PASSWORD_MIN_LENGTH &&
+            self.password.len() <= PASSWORD_MAX_LENGTH
     }
 }
diff --git a/src/tests.rs b/src/tests.rs
index 3758ae7..ec033d3 100644
--- a/src/tests.rs
+++ b/src/tests.rs
@@ -1,5 +1,5 @@
 #[cfg(test)]
-mod test {
+mod requests {
     use crate::config;
     use crate::web;
 
@@ -20,3 +20,78 @@ mod test {
         assert_eq!(response.status(), Status::Ok);
     }
 }
+
+#[cfg(test)]
+mod forms {
+    use crate::forms;
+
+    #[test]
+    fn user_sign_up() {
+        let form = forms::UserSignUp {
+            username: "kotovalexarian".to_string(),
+            password: "q1w2e3r4t5y6".to_string(),
+        };
+
+        assert_eq!(form.is_valid(), true);
+    }
+
+    #[test]
+    fn user_sign_up_with_empty_username() {
+        let form = forms::UserSignUp {
+            username: "".to_string(),
+            password: "q1w2e3r4t5y6".to_string(),
+        };
+
+        assert_eq!(form.is_valid(), false);
+    }
+
+    #[test]
+    fn user_sign_up_with_blank_username() {
+        let form = forms::UserSignUp {
+            username: " ".to_string(),
+            password: "q1w2e3r4t5y6".to_string(),
+        };
+
+        assert_eq!(form.is_valid(), false);
+    }
+
+    #[test]
+    fn user_sign_up_with_too_short_username() {
+        let form = forms::UserSignUp {
+            username: "foo".to_string(),
+            password: "q1w2e3r4t5y6".to_string(),
+        };
+
+        assert_eq!(form.is_valid(), false);
+    }
+
+    #[test]
+    fn user_sign_up_with_empty_password() {
+        let form = forms::UserSignUp {
+            username: "kotovalexarian".to_string(),
+            password: "".to_string(),
+        };
+
+        assert_eq!(form.is_valid(), false);
+    }
+
+    #[test]
+    fn user_sign_up_with_blank_password() {
+        let form = forms::UserSignUp {
+            username: "kotovalexarian".to_string(),
+            password: " ".to_string(),
+        };
+
+        assert_eq!(form.is_valid(), false);
+    }
+
+    #[test]
+    fn user_sign_up_with_too_short_password() {
+        let form = forms::UserSignUp {
+            username: "kotovalexarian".to_string(),
+            password: "1234567".to_string(),
+        };
+
+        assert_eq!(form.is_valid(), false);
+    }
+}