Details
-
Bug
-
Status: Closed
-
Should
-
Resolution: Fixed
-
Low
-
Description
We shouldn't just allow anything in the username field. For example, someone should not be able to have a username of "(" or "!^" or " ". We also can't allow usernames longer than the space we have to store them (50 chars, I believe).
How about something like this: (?i)^[A-Z0-9][A-Z0-9\._-]{1,49}$
- 2 to 50 characters in length
- Start with a letter or number
- Can contain A-Z, 0-9, dot, underscore, or hyphen
- Case insensitive
Bonus Points:
- Constrain to ≤50 chars without spaces and use a regex in a global property (default value as above) to let implementations decide how they want their usernames to look.
The check for username should go in the UserValidator and if it's not already happening, the UserServiceImpl.saveUser method should use that too. A unit test for this is imperative.
Initial discussion on the mailing list:
http://n2.nabble.com/possible-bug-with-getUsers%28%29-on-username-with-space-tp3433282p3433282.html
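
Added example, not code from the ticket or the project: a Java sketch of the check described above, using the proposed pattern with its start anchor written as a plain ^ and keeping the length and whitespace limits outside the configurable regex. The class name, the constructor argument standing in for the global property, and the sample usernames are assumptions made for illustration.

```java
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;

/** Hypothetical class for illustration; not the project's UserValidator. */
public class UsernameRuleExample {

    // Pattern proposed in the ticket, start anchor written as a plain ^.
    static final String DEFAULT_REGEX = "(?i)^[A-Z0-9][A-Z0-9\\._-]{1,49}$";
    static final int MAX_LENGTH = 50; // storage limit mentioned in the ticket

    private final Pattern pattern;

    /** configuredRegex stands in for the global property value (assumption). */
    UsernameRuleExample(String configuredRegex) {
        boolean unset = configuredRegex == null || configuredRegex.trim().isEmpty();
        Pattern compiled;
        try {
            compiled = Pattern.compile(unset ? DEFAULT_REGEX : configuredRegex);
        } catch (PatternSyntaxException e) {
            // A broken property value must not switch validation off.
            compiled = Pattern.compile(DEFAULT_REGEX);
        }
        this.pattern = compiled;
    }

    boolean isValid(String username) {
        // Hard limits apply whatever the configured regex would allow.
        if (username == null || username.isEmpty() || username.length() > MAX_LENGTH) {
            return false;
        }
        for (int i = 0; i < username.length(); i++) {
            if (Character.isWhitespace(username.charAt(i))) {
                return false; // spaces, tabs and newlines are never accepted
            }
        }
        // matches() must consume the whole input. find() would accept "bob\n",
        // because $ can also match just before a final line terminator.
        return pattern.matcher(username).matches();
    }

    public static void main(String[] args) {
        UsernameRuleExample rule = new UsernameRuleExample(null);
        // Constructed sample inputs, including the three bad names from the ticket.
        String[] samples = { "(", "!^", " ", "a", "jdoe", "J.Doe-2", "_admin",
                "john smith", "bob\n", "a".repeat(50), "a".repeat(51), "jos\u00e9" };
        for (String s : samples) {
            String verdict = rule.isValid(s) ? "accept" : "reject";
            System.out.printf("%-6s \"%s\"%n", verdict, s.replace("\n", "\\n"));
        }
    }
}
```

Because (?i) without (?u) is ASCII-only in Java, a name such as "josé" is rejected by the default pattern; an implementation that wants such names would set its own regex through the property.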