okuna-api icon indicating copy to clipboard operation
okuna-api copied to clipboard

Published 20 hours ago verified publisher icon OkunaOrg

Dots should be limited in usernames

Open lifenautjoe opened this issue 6 years ago • 6 comments

Good: joel.hernandez Bad: ., .. ...

lifenautjoe avatar Mar 24 '19 20:03 lifenautjoe

Whatever validation has to be added too to the backend

lifenautjoe avatar Mar 27 '19 21:03 lifenautjoe

Is foo.bar.example bad? Is .foo bad? Is foo. bad?

tschwaerzl avatar Apr 03 '19 21:04 tschwaerzl

.foo and foo. are bad, never dots beginning or ending.

foo.bar.example is okay

lifenautjoe avatar Apr 03 '19 21:04 lifenautjoe

A small list about code locations that should be updated too.

  • [ ] Update test to include invalid usernames (e.g. asdf; a.b; ab.) https://github.com/OkunaOrg/okuna-api/blob/1d00bea59150888f18eb11eaa99318efd16141e1/openbook_auth/tests/views/test_auth.py#L72

Okuna-App

  • [ ] Text-Formatting (See also issue https://github.com/OkunaOrg/okuna-app/issues/312) https://github.com/OkunaOrg/okuna-app/blob/737e0688610822166a6fd8c98eb9b2886797d1c2/lib/widgets/theming/smart_text.dart#L110
  • [ ] Validation of the username https://github.com/OkunaOrg/okuna-app/blob/737e0688610822166a6fd8c98eb9b2886797d1c2/lib/services/validation.dart#L152-L153

duichwer avatar Oct 12 '19 13:10 duichwer

A possible RegEx for the SmartText Highlighting with escapet at-sign. r"(?<=[\s\n\r]|^)(@A-Za-z0-9?)(?=\b|$)"

duichwer avatar May 22 '20 05:05 duichwer

A possible RegEx for the SmartText Highlighting with escapet at-sign. r"(?<=[\s\n\r]|^)(\@[A-Za-z0-9](([A-Za-z0-9]|[._](?![._])){0,28}[A-Za-z0-9])?)(?=\b|$)"

A couple of comments on this:

  1. \n and \r are typically included in \s, so it should be enough with (?<=\s|^)
  2. We don't need to use a lookbehind at the start (or a lookahead at the end, for that matter). Non-capturing groups are enough. Another reason not to use lookbehinds is that they are not supported by many major browsers, so if we don't use them we could use the same regex in both the app and in the web version.
  3. We probably also want to minimise the number of capturing groups in general, which is easily done if we convert them to non-capturing groups.

With these comments in mind, the regex will look like: (?:\s|^)(\@[A-Za-z0-9](?:(?:[A-Za-z0-9]|[._](?![._])){0,28}[A-Za-z0-9])?)(?:\b|$)

And some tests with this patched regex: image Blue+green = full match Green = first capture group (the part we are interested in)

Yes, this means that the matches include the preceding space/newline. That doesn't matter, though, since we use the first capture group anyway. It also is much faster than using lookbehinds/lookaheads.

For the regexes used by the validators in both the API and the app, we can probably use the regex I suggested in #368, which also was adapted from a suggestion by @duichwer (thank you 👍): ^[a-zA-Z0-9](?:[._]?[a-z-A-Z0-9])*$ This one is used to match against a string which only contains a username, so matching @, anything before the username, or anything after is not necessary. Using the same tests as above with this regex we get what we would expect: image

Komposten avatar May 22 '20 12:05 Komposten