[WEB-4434] chore: disallowing special characters in user first name and last name

Open sangeethailango opened this issue 2 months ago • 2 comments

Description

This PR will throw a validation error if the following special characters are given for the user's first name and last name:

&+,:;$^}{*=?@#|'<>.()%!

Type of Change

  • [x] Bug fix (non-breaking change which fixes an issue)

Summary by CodeRabbit

  • Bug Fixes
    • Strengthened validation for first and last names to reject URLs and disallowed special characters.
    • Added clearer, targeted error messages for invalid name characters shown inline on profile and onboarding forms.
    • Standardized name input rules across sign-up, onboarding, and profile edit flows to ensure consistent, valid profile data.

sangeethailango, Oct 13 '25 08:10

[!NOTE]

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Walkthrough

Added a module-level forbidden-character regex and checks to apps/api/plane/app/serializers/user.py. Added client-side regex pattern validation for first_name in apps/web/core/components/onboarding/steps/profile/root.tsx. Added client-side regex pattern validation for both first_name and last_name and visible last-name error feedback in apps/web/core/components/profile/form.tsx.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Backend: serializer constant & validations<br>apps/api/plane/app/serializers/user.py | Added import re and public constant FORBIDDEN_NAME_CHARS_PATTERN. Extended UserSerializer.validate_first_name and validate_last_name to reject values matching the forbidden-character regex while retaining the existing URL containment checks and ValidationError responses. |
| Web: onboarding first-name pattern<br>apps/web/core/components/onboarding/steps/profile/root.tsx | Added regex pattern validation to first_name field (letters, spaces, hyphens, underscores) plus error message; left required and maxLength rules unchanged. |
| Web: profile form name patterns & UI feedback<br>apps/web/core/components/profile/form.tsx | Added client-side regex patterns for first_name and last_name (`/^[a-zA-Z\s-_]*$/`) with error messages. Rendered visible error feedback for last_name when validation fails. |

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant C as Client (submit / front-end)
  participant F as Front-end Validation
  participant S as Backend Serializer
  participant R as Regex (FORBIDDEN_NAME_CHARS_PATTERN)

  C->>F: input first_name / last_name
  F->>F: test against /^[a-zA-Z\s\-_]*$/
  alt front-end pattern fails
    F-->>C: show validation error (allowed characters)
  else passes
    F->>S: send payload
    S->>R: re.search(FORBIDDEN_NAME_CHARS_PATTERN, value)
    alt forbidden chars found
      R-->>S: match
      S-->>C: raise ValidationError("special characters not allowed")
    else no forbidden chars
      alt contains URL
        S-->>C: raise ValidationError("URLs are not allowed")
      else valid
        S-->>C: accept / return value
      end
    end
  end

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Pre-merge checks and finishing touches

โŒ Failed checks (1 warning)
Check name Status Explanation Resolution
Description Check โš ๏ธ Warning The pull request description includes the Description and Type of Change sections but omits the required Test Scenarios and References headings from the repository template, which are needed to document how the changes were verified and to link related issues. Please add a Test Scenarios section detailing the tests performed to verify the validation logic and a References section linking the related issue or ticket.
โœ… Passed checks (2 passed)
Check name Status Explanation
Title Check โœ… Passed The title clearly and concisely summarizes the main change by indicating that special characters are now disallowed in user first and last names, and includes the relevant ticket number according to project conventions.
Docstring Coverage โœ… Passed No functions found in the changes. Docstring coverage check skipped.

coderabbitai[bot], Oct 13 '25 08:10
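
The walkthrough above describes two different strategies: an allowlist pattern in the web forms and a forbidden-character denylist in the serializer. The following is an added example, not code from the PR, that runs both rules over constructed names to show where they disagree. It assumes the denylist is exactly the character list from the PR description (the actual value of FORBIDDEN_NAME_CHARS_PATTERN is not shown on this page); the function names are hypothetical and the URL check is left out.

```python
import re

# Assumption: denylist assembled from the characters in the PR description;
# the real FORBIDDEN_NAME_CHARS_PATTERN value is not visible on this page.
FORBIDDEN_CHARS = "&+,:;$^}{*=?@#|'<>.()%!"
SERVER_DENYLIST = re.compile("[" + re.escape(FORBIDDEN_CHARS) + "]")

# Client-side allowlist as written in the sequence diagram; fullmatch() stands
# in for the ^...$ anchors. Note that \s admits tabs and newlines, not only spaces.
CLIENT_ALLOWLIST = re.compile(r"[a-zA-Z\s\-_]*")


def client_accepts(name: str) -> bool:
    """Hypothetical stand-in for the form's pattern rule."""
    return CLIENT_ALLOWLIST.fullmatch(name) is not None


def server_accepts(name: str) -> bool:
    """Hypothetical stand-in for the serializer's forbidden-character check only."""
    return SERVER_DENYLIST.search(name) is None


def drift(names):
    """Map each name the two layers disagree on to (client_ok, server_ok)."""
    verdicts = {n: (client_accepts(n), server_accepts(n)) for n in names}
    return {n: v for n, v in verdicts.items() if v[0] != v[1]}


# Constructed sample inputs, not taken from the PR.
SAMPLES = ["Ada", "Anne-Marie", "José", "O'Brien", "R2D2", 'a"b', "x/y", "<b>"]

if __name__ == "__main__":
    for name, (client_ok, server_ok) in drift(SAMPLES).items():
        print(f"{name!r}: client={client_ok} server={server_ok}")
```

Every disagreement runs in one direction: the form rejects the value while the serializer check accepts it, so a request that does not pass through the form is held only to the denylist.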