On 10/08/2012 11:59 AM, Matt Wagner wrote:
On Mon, Oct 08, 2012 at 05:33:11PM +0200, Tomas Hrcka wrote:
> On Mon, 2012-10-08 at 11:16 -0400, Matt Wagner wrote:
>> On Mon, Oct 08, 2012 at 02:00:14PM +0200, Tomáš Hrčka wrote:
>>> + validates_format_of :username, :with => /[a-z0-9A-Z]/, :message =>
I18n.t("users.flash.warning.invalid_username")
>> I'm going to comment on the bug itself and question whether it's even a
>> valid bug, but I'm not a fan of this particular implementation.
>>
>> This would keep you from being thrčka ('č' is not "valid"), me
from being
>> 'matt.wagner' (it uses a verboten '.'), or someone who speaks
Chinese or
>> Russian or any other language with a non-Latin alphabet from even being
>> able to use their name in their username. To me, that is far worse than
>> being able to create a username named '.'.
> You are right, now when I think about it it's all wrong. What about
> validation at least first char is not in .~!@#$%^&*()
What irks me about this "bug" is that there's no clear solution, at
least not that I can see. I think it's really an RFE, but it's an RFE
that's too vague for us to be able to implement. Personally I would vote
that we just close this thing, but that's not my call.
I can't think of a case where '#' or '&' would ever be a
reasonable
character in a username. But if some weird customer decides to that they
want to conserve user accounts, there's no reason that 'Tomas & Matt'
can't be a valid username, except that we think it's strange.
I think a '.' or '_' is fine in the middle of a username, but not at
either end. 'matt.wagner' is a normal username, but '.matt.' would be
really weird.
But at the end of the day, I don't know that it's our place to make up
arbitrary username rules. If someone wants to create a user named
'.~!@#$%^&*()' or '☃☃⚔ Fluffy Bunnies ♿♚♚' there is no technical
reason
to prevent it.
-- Matt '☃☃⚔ Fluffy Bunnies ♿♚♚' Wagner
The other issue is when we're
using LDAP, we've got to accept whatever
the ldap server includes in the username. Also, I believe katello just
made a change (or is about to) that explicitly allows '@' and '.' in
username (to allow the user to use email address as username)
Scott