Issue 12604

Enforce in Drupal that user account names are simple

Reporter: mdoering
Assignee: cvizitiu
Type: NewFeature
Summary: Enforce in Drupal that user account names are simple
Description: Only allow lower cased latin alphanumericals plus .-_ and definitely no whitespace. We user user account names to build file and url paths and in other places where its important to keep them simple.
Priority: Critical
Resolution: Fixed
Status: Closed
Created: 2013-01-18 14:30:14.001
Updated: 2013-09-02 13:46:33.155
Resolved: 2013-03-03 18:48:08.036
TimeEstimate: 0
TimeSpent: 28800 />

Attachment Screen Shot 2013-01-22 at 10.18.58 AM.png

Attachment Screen Shot 2013-01-22 at 10.19.20 AM.png

Attachment Screen Shot 2013-01-22 at 10.23.49 AM.png

Created: 2013-01-18 15:03:23.131
Updated: 2013-01-18 15:03:23.131
What we want right now are 4 basic attributes:

{code}account name
first name
last name

The account name should be fixed forever and not changeable while the other 3 can be modified by the user at any time (maybe with an email change it needs to check if that mail is valid, but maybe this is not needed).


Comment: I think I've got it working for ASCII but I'm still worried about special chars from various country codes. Can you test? Should we remove "Kyle Braak" already and let him test also?
Created: 2013-01-21 17:54:47.945
Updated: 2013-01-21 17:54:47.945

Comment: ... of course, I mean /^[a-z0-9._-]+$/ :-|
Created: 2013-01-21 18:10:04.177
Updated: 2013-01-21 18:10:04.177

Created: 2013-01-22 10:36:21.445
Updated: 2013-01-22 10:36:21.445
Accented characters cannot be used, and I think this is fine. My initial tests confirm the validation is working fine.

[], would you agree that we also ensure the account name has a minimum and maximum length?

GMail's username for example must "use between 6 and 30 characters."


Comment: Well the current value is 60 but it's a Drupal constant. :-/ How does the length affects us anyway? I'm only worried that someone somewhere assumes the lengths will be 60 and then it hits us...
Created: 2013-01-22 10:49:03.657
Updated: 2013-01-22 10:49:03.657

Comment: A maximum length should be good although I dont know what exact length would cause havoc. Can file paths be unlimited? Is there a limit of http auth headers? Limit it to 60 characters sounds good to me.
Created: 2013-01-22 12:03:12.689
Updated: 2013-01-22 12:03:12.689

Comment: tested by kyle
Created: 2013-01-25 11:52:16.903
Updated: 2013-01-25 11:52:16.903

Comment: what about a minimum length of 3?
Created: 2013-02-21 16:57:58.467
Updated: 2013-02-21 16:57:58.467

Comment: Are we sure on either 3 or 6, as minimum length?
Created: 2013-02-22 14:52:28.867
Updated: 2013-02-22 14:52:28.867

Created: 2013-02-22 15:05:32.913
Updated: 2013-02-22 15:05:32.913
Cip said it disappeared from the live drupal, but expected it to be 6.
But I would rather suggest to switch all constraints to just 3 characters so that "tim" is still a valid user name.
Everyone ok with 3?

Created: 2013-02-22 15:19:34.456
Updated: 2013-02-22 15:20:16.477
I'll work on minimum 3

Markus, will you open a new issue for this?

Comment: good. I'll use 3 on the postgres side of things then. Thanks
Created: 2013-02-22 16:05:09.427
Updated: 2013-02-22 16:05:09.427

Comment: reopening this issue to implement the minimum account name length of 3
Created: 2013-02-22 16:24:49.696
Updated: 2013-02-22 16:24:49.696