View Issue Details

IDProjectCategoryView StatusLast Update
0005022mantisbtotherpublic2010-02-22 14:34
ReporterWilliam Tasso Assigned Tovboctor  
PrioritynormalSeveritytweakReproducibilityalways
Status closedResolutionfixed 
PlatformIIS-5OSWindows 2000OS VersionAdvanced Server
Target Version1.2.0Fixed in Version1.2.0 
Summary0005022: user-names must not contain dots [.]
Description

APPLICATION ERROR 0000805

"The username is invalid. Usernames may only contain letters, numbers, spaces, hyphens, and underscores."

Is it possible to allow the use of dots (periods) in a user-name?

Additional Information

This would be useful because we could then advise new users they can use the same login that they use on their (windows) domain - where applicable.

TagsNo tags attached.

Relationships

has duplicate 0005947 closedgiallu allow dots in username 
has duplicate 0004471 closedgiallu Can't add email addresses as usernames from [Manage Accounts][Create New Account] 
has duplicate 0009616 closedgiallu LDAP: Must allow period in user name 
has duplicate 0009135 closedvboctor LDAP and username like email 
child of 0004937 closedvboctor Mantis 1.0.0a1 Release 

Activities

pmonk

pmonk

2005-02-01 19:39

reporter   ~0009168

This can be bypassed by creating a username without the '.', then
editing the user and adding the '.' to the username.

In this way, I guess, the blocking of usernames containing '.' is
buggy (in that you can get around it), though I agree, it would
be better if this behaviour could simply be removed.

motocrosserman

motocrosserman

2005-02-02 09:14

reporter   ~0009172

Edit config_defaults_inc.php
Change $g_user_login_valid_regex to:
$g_user_login_valid_regex = '/^[\w .-]+$/';

Now you can create users with .
You may also want to change the text in lang/english.txt to include the '.' in the invalid username string to:

"The username is invalid. Usernames may only contain letters, numbers, spaces, hyphens, underscores and periods."

giallu

giallu

2007-10-05 11:27

reporter   ~0015815

Reminder sent to: vboctor

Do we want to add this by default or can we close?

vboctor

vboctor

2007-10-05 13:17

manager   ~0015816

There are two issues to fix here:

  1. Allow '.' in user names by default. I guess this is pretty common specially for users who use email as login names. We should also allow '@'.

  2. Make sure that the regex for validating user names is used for validation in all code paths that can modify the user name. There should be no work arounds.

garethrandall

garethrandall

2007-12-20 06:29

reporter   ~0016469

It would be good to allow dots, in order for corporate users to have consistent usernames for different applications.

If IT departments have to "hack" their installation to do this, it prevents them doing simple things like upgrading to the latest version. We have over 600 users on our installation, almost all using dots to match their windows usernames.

I would like to see this in the standard distribution so that my company can run standard "un-hacked" Mantis. Otherwise, the company sees it as a support risk.

Finally, is there any good technical reason why dots should not be allowed? Presumably not.

vboctor

vboctor

2007-12-20 12:29

manager   ~0016485

See comment 0005022:0015816.

By the way, admins just need to update the configuration with a regular expression that they need. So it is a configuration rather than having to hack the code.

However, I agree that regular expressions are not everyones cup of tea ;) A good starting point would be to contribute an updated regular expression to this bug. This will make it easier for administrators who want to configure their Mantis installation to accept these letters until it is there out of the box.

giallu

giallu

2009-10-13 15:48

reporter   ~0023169

I am wondering...

what if we move away from the whitelist approach (that is, everything is disallowed unless it matches the regexp) to a blacklist, that is, everything is allowed unless it matches the regexp?

Additionally, I agree a regexp is not really user-friendly, so I propose we add a anther option for a plain chars list that we allow (or disallow if we also do the above) then compose the regexp using the char list.

I checked and the regexp is used exactly once in the code, so it would be a non invasive change. let me know what you think and I can code a patch straight away

vboctor

vboctor

2009-10-20 00:58

manager   ~0023251

Last edited: 2009-10-20 01:37

The requests I've seen in the past were mainly relating to supporting email addresses as user login names. Hence, I suggest we start by using a regular expression that allows that and adding to the documentation of the option a couple of useful links relating to regular expression:

The regular expression I suggest is:
$g_user_login_validregex = '/^([a-z\d-.+%]+(@[a-z\d-.]+.[a-z]{2,4})?)$/i';

Useful related links are:

I've added the underscore although it is not valid for emails. This is because it is valid for user names.

SamCPP

SamCPP

2009-10-20 19:07

reporter   ~0023255

What do you mean "I've added the underscore although it is not valid for emails."? Underscores are valid in email addresses last I checked?

vboctor

vboctor

2009-10-23 01:21

manager   ~0023290

@SamCPP, I think you are probably right.

I've also added space to the regular expression since it was already supported by the previous regular expression.

Related Changesets

MantisBT: master a7c34413

2009-10-23 01:19

vboctor


Details Diff
Fixes 0005022: user-names must not contain dots [.]. Affected Issues
0005022
mod - lang/strings_english.txt Diff File
mod - docbook/adminguide/en/configuration.sgml Diff File
mod - config_defaults_inc.php Diff File

MantisBT: master-1.2.x a62b19c4

2009-10-23 01:19

vboctor


Details Diff
Fixes 0005022: user-names must not contain dots [.]. Affected Issues
0005022
mod - lang/strings_english.txt Diff File
mod - docbook/adminguide/en/configuration.sgml Diff File
mod - config_defaults_inc.php Diff File