Issue 12604

Enforce in Drupal that user account names are simple

12604
Reporter: mdoering
Assignee: cvizitiu
Type: NewFeature
Summary: Enforce in Drupal that user account names are simple
Description: Only allow lower cased latin alphanumericals plus .-_ and definitely no whitespace. We user user account names to build file and url paths and in other places where its important to keep them simple.
Priority: Critical
Resolution: Fixed
Status: Closed
Created: 2013-01-18 14:30:14.001
Updated: 2013-09-02 13:46:33.155
Resolved: 2013-03-03 18:48:08.036
TimeEstimate: 0
TimeSpent: 28800 />

Attachment Screen Shot 2013-01-22 at 10.18.58 AM.png


Attachment Screen Shot 2013-01-22 at 10.19.20 AM.png


Attachment Screen Shot 2013-01-22 at 10.23.49 AM.png



Author: mdoering@gbif.org
Created: 2013-01-18 15:03:23.131
Updated: 2013-01-18 15:03:23.131
        
What we want right now are 4 basic attributes:

{code}account name
first name
last name
email{code}

The account name should be fixed forever and not changeable while the other 3 can be modified by the user at any time (maybe with an email change it needs to check if that mail is valid, but maybe this is not needed).

Markus
    


Author: cvizitiu@gbif.org
Comment: I think I've got it working for ASCII but I'm still worried about special chars from various country codes. Can you test? Should we remove "Kyle Braak" already and let him test also?
Created: 2013-01-21 17:54:47.945
Updated: 2013-01-21 17:54:47.945


Author: cvizitiu@gbif.org
Comment: ... of course, I mean /^[a-z0-9._-]+$/ :-|
Created: 2013-01-21 18:10:04.177
Updated: 2013-01-21 18:10:04.177


Author: kbraak@gbif.org
Created: 2013-01-22 10:36:21.445
Updated: 2013-01-22 10:36:21.445
        
Accented characters cannot be used, and I think this is fine. My initial tests confirm the validation is working fine.

[~cvizitiu@gbif.org], would you agree that we also ensure the account name has a minimum and maximum length?

GMail's username for example must "use between 6 and 30 characters."

    


Author: cvizitiu@gbif.org
Comment: Well the current value is 60 but it's a Drupal constant. :-/ How does the length affects us anyway? I'm only worried that someone somewhere assumes the lengths will be 60 and then it hits us...
Created: 2013-01-22 10:49:03.657
Updated: 2013-01-22 10:49:03.657


Author: mdoering@gbif.org
Comment: A maximum length should be good although I dont know what exact length would cause havoc. Can file paths be unlimited? Is there a limit of http auth headers? Limit it to 60 characters sounds good to me.
Created: 2013-01-22 12:03:12.689
Updated: 2013-01-22 12:03:12.689


Author: mdoering@gbif.org
Comment: tested by kyle
Created: 2013-01-25 11:52:16.903
Updated: 2013-01-25 11:52:16.903


Author: mdoering@gbif.org
Comment: what about a minimum length of 3?
Created: 2013-02-21 16:57:58.467
Updated: 2013-02-21 16:57:58.467


Author: jcuadra@gbif.org
Comment: Are we sure on either 3 or 6, as minimum length?
Created: 2013-02-22 14:52:28.867
Updated: 2013-02-22 14:52:28.867


Author: mdoering@gbif.org
Created: 2013-02-22 15:05:32.913
Updated: 2013-02-22 15:05:32.913
        
Cip said it disappeared from the live drupal, but expected it to be 6.
But I would rather suggest to switch all constraints to just 3 characters so that "tim" is still a valid user name.
Everyone ok with 3?
    


Author: cvizitiu@gbif.org
Created: 2013-02-22 15:19:34.456
Updated: 2013-02-22 15:20:16.477
        
I'll work on minimum 3

Markus, will you open a new issue for this?
    


Author: jcuadra@gbif.org
Comment: good. I'll use 3 on the postgres side of things then. Thanks
Created: 2013-02-22 16:05:09.427
Updated: 2013-02-22 16:05:09.427


Author: mdoering@gbif.org
Comment: reopening this issue to implement the minimum account name length of 3
Created: 2013-02-22 16:24:49.696
Updated: 2013-02-22 16:24:49.696