ocflib icon indicating copy to clipboard operation
ocflib copied to clipboard

Published 20 hours ago verified publisher icon ocf

Allow numbers in usernames

Open ja5087 opened this issue 5 years ago • 9 comments
trafficstars

E7 wants a group account with a number in the username and I don't see why not.

ja5087 avatar Oct 09 '20 15:10 ja5087

You probably wouldn't want all digit usernames, since those could be confused with UIDs.

Also, are there any additional usernames that would need to be reserved if numbers suddenly become valid characters in usernames?

kpengboy avatar Oct 09 '20 18:10 kpengboy

I don't think we expose a UID anywhere at the OCF though, but it's fair that just to avoid the possibility in case we ever do to make the first character lowercase alphabetical. As far as I can tell we haven't done anything special that would require more reserved usernames either.

ja5087 avatar Oct 09 '20 19:10 ja5087

I've changed it so you need to have the first letter be a lowercase character.

ja5087 avatar Oct 10 '20 20:10 ja5087

Here are some additional steps I thought of that may be needed:

  • Do we want to reserve usernames like adm1n?
  • We'd need to create /home/a/a0, /home/a/a1, ..., /home/z/z9.

kpengboy avatar Oct 14 '20 08:10 kpengboy

Here are some additional steps I thought of that may be needed:

* Do we want to reserve usernames like `adm1n`?

* We'd need to create `/home/a/a0`, `/home/a/a1`, ..., `/home/z/z9`.

Considering we don't reserve things like admin either and it's probably impossible to maintain a list of all things that sound important, this might be a wontfix. As for the second point, I think this is already ensured by https://github.com/ocf/ocflib/blob/309680aaa2b9e3e6315ad52d0f9118b0a9482acd/ocflib/account/utils.py#L52 and when I tested this function to create e7staff it worked fine.

ja5087 avatar Oct 14 '20 08:10 ja5087

We do reserve admin FWIW: https://github.com/ocf/ocflib/blob/309680aaa2b9e3e6315ad52d0f9118b0a9482acd/ocflib/account/validators.py#L18. But agree we can consider reserving such leetspeak usernames in a different change.

kpengboy avatar Oct 14 '20 09:10 kpengboy

Oh huh I stand corrected, thanks.

ja5087 avatar Oct 14 '20 09:10 ja5087

I think talking to @nikhiljha, we're a bit hesitant to merge this, as people could use numbers to make their usernames a bit more obfuscated, e.g. m1337ax or something. I think just typing out the numbers (.e.g 7 is seven) is what we have done in the past.

emmatyping avatar Sep 25 '21 19:09 emmatyping

iirc we do have requirements that username must somewhat match real name and it's automatically enforced somewhere - could possibly be useful to prevent somebody using "adm1n" (the one who exploit it must has a name like Adam Norton or something...)

axmmisaka avatar Jan 13 '22 03:01 axmmisaka