Enforce in Drupal that user account names are simple
12604
Reporter: mdoering
Assignee: cvizitiu
Type: NewFeature
Summary: Enforce in Drupal that user account names are simple
Description: Only allow lower cased latin alphanumericals plus .-_ and definitely no whitespace. We user user account names to build file and url paths and in other places where its important to keep them simple.
Priority: Critical
Resolution: Fixed
Status: Closed
Created: 2013-01-18 14:30:14.001
Updated: 2013-09-02 13:46:33.155
Resolved: 2013-03-03 18:48:08.036
TimeEstimate: 0
TimeSpent: 28800 />
Author: mdoering@gbif.org
Created: 2013-01-18 15:03:23.131
Updated: 2013-01-18 15:03:23.131
What we want right now are 4 basic attributes:
{code}account name
first name
last name
email{code}
The account name should be fixed forever and not changeable while the other 3 can be modified by the user at any time (maybe with an email change it needs to check if that mail is valid, but maybe this is not needed).
Markus
Author: cvizitiu@gbif.org
Comment: I think I've got it working for ASCII but I'm still worried about special chars from various country codes. Can you test? Should we remove "Kyle Braak" already and let him test also?
Created: 2013-01-21 17:54:47.945
Updated: 2013-01-21 17:54:47.945
Author: cvizitiu@gbif.org
Comment: ... of course, I mean /^[a-z0-9._-]+$/ :-|
Created: 2013-01-21 18:10:04.177
Updated: 2013-01-21 18:10:04.177
Author: kbraak@gbif.org
Created: 2013-01-22 10:36:21.445
Updated: 2013-01-22 10:36:21.445
Accented characters cannot be used, and I think this is fine. My initial tests confirm the validation is working fine.
[~cvizitiu@gbif.org], would you agree that we also ensure the account name has a minimum and maximum length?
GMail's username for example must "use between 6 and 30 characters."
Author: cvizitiu@gbif.org
Comment: Well the current value is 60 but it's a Drupal constant. :-/ How does the length affects us anyway? I'm only worried that someone somewhere assumes the lengths will be 60 and then it hits us...
Created: 2013-01-22 10:49:03.657
Updated: 2013-01-22 10:49:03.657
Author: mdoering@gbif.org
Comment: A maximum length should be good although I dont know what exact length would cause havoc. Can file paths be unlimited? Is there a limit of http auth headers? Limit it to 60 characters sounds good to me.
Created: 2013-01-22 12:03:12.689
Updated: 2013-01-22 12:03:12.689
Author: mdoering@gbif.org
Comment: what about a minimum length of 3?
Created: 2013-02-21 16:57:58.467
Updated: 2013-02-21 16:57:58.467
Author: jcuadra@gbif.org
Comment: Are we sure on either 3 or 6, as minimum length?
Created: 2013-02-22 14:52:28.867
Updated: 2013-02-22 14:52:28.867
Author: mdoering@gbif.org
Created: 2013-02-22 15:05:32.913
Updated: 2013-02-22 15:05:32.913
Cip said it disappeared from the live drupal, but expected it to be 6.
But I would rather suggest to switch all constraints to just 3 characters so that "tim" is still a valid user name.
Everyone ok with 3?
Author: cvizitiu@gbif.org
Created: 2013-02-22 15:19:34.456
Updated: 2013-02-22 15:20:16.477
I'll work on minimum 3
Markus, will you open a new issue for this?
Author: jcuadra@gbif.org
Comment: good. I'll use 3 on the postgres side of things then. Thanks
Created: 2013-02-22 16:05:09.427
Updated: 2013-02-22 16:05:09.427
Author: mdoering@gbif.org
Comment: reopening this issue to implement the minimum account name length of 3
Created: 2013-02-22 16:24:49.696
Updated: 2013-02-22 16:24:49.696
