feat(user): add strict validations for username #1574
Conversation
|
Good stuff. Client-side validation should be added too using ng-pattern and relevant ng-messages. |
| illegalUsernames: ['meanjs', 'fwd', 'fwd:', 'reply', 'administrator', 'password', 'community', | ||
| 'unknown', 'anonymous', 'null', 'undefined', 'home', 'signup', 'signin', 'login', | ||
| 'edit', 'settings', 'demo', 'support', 'networks', 'profile', 'avatar', 'mini', | ||
| 'photo', 'account', 'api', 'modify', 'feedback', 'security', 'accounts', 'tribe', 'tag' |
There was a problem hiding this comment.
I recommend get rid of 'tribe' and add 'admin' to the list.
There was a problem hiding this comment.
In fact I recommend getting rid of lots of these, such as avatar, demo, unknown etc... it should be up to the user to populate this list and MEAN should only reserve very important ones like admin out the box IMO.
There was a problem hiding this comment.
true, I didnt really spend time looking at what was in this array :)
|
@hyperreality |
|
Yeah, that regex is difficult to read and doesn't do the right thing at all. For instance, the I think we should use this: Adapted from here which has a nice explanation about what it does. |
sujeethk
force-pushed
the
strictusername
branch
from
bad95d9 to
6023cff
Compare
|
@hyperreality Lint is unhappy with that regex. It says the group is invalid on that regex. Added a commit with existing regex, added client side validation with ng-pattern and relevant e2e tests. There is some issue with my protractor running e2e tests on my machine, so i couldnt run the tests. But client and server tests passed. Will wait for travis build to complete so i can check the e2e test results there. |
sujeethk
force-pushed
the
strictusername
branch
4 times, most recently
from
9fb5b38 to
fd0aa03
Compare
|
was able to fix my protractor issue. e2e tests passed. |
|
@sujeethk Did you solve the issue with the linting errors on that regex? Also, what is the problem with the regex that @hyperreality said was incorrect? Was the actual issue with just combining it into one for the client-side check? Currently, it appears that the regex you're using here is the same as what @simison shared. |
|
@mleanos when I used the Regex that hyperreality provided above I got a lint error saying it was invalid regex. Then I resorted to using the same regex that Simison referred and used the same on the client side. All tests passed. So it's good for now. |
| @@ -15,6 +15,7 @@ | |||
| vm.signup = signup; | |||
| vm.signin = signin; | |||
| vm.callOauthProvider = callOauthProvider; | |||
| vm.usernameRegex = /^(?=.*[0-9a-z])[0-9a-z.\-_]{3,34}$/ && /^[^.](?!.*(\.)\1).*[^.]$/; | |||
There was a problem hiding this comment.
I notice the client-side doesn't catch "user$lastname" as invalid, but the server-side does. This must be an issue with this client-side regex.
There was a problem hiding this comment.
fixed this in the latest commit and added a test case for the same
|
@simison Care to take a quick glance at this? @meanjs/contributors |
|
On holiday this week but i'll see if I can have a look at this tonight, That forbidden words list is very TR specific, you should clean it out for On 17 Oct 2016 07:04, "Michael Leanos" notifications@github.com wrote:
|
|
@mleanos @hyperreality When using hyperreality's suggestion above this is the error I get Hence I used simison's suggestion. @mleanos you are right the same regex works on server side, but on the client side it allows special characters. I am trying to find why, is ngPattern using the regex differently or is it because i concatenated the two regex using |
sujeethk
force-pushed
the
strictusername
branch
from
fd0aa03 to
4aede0f
Compare
|
@mleanos Fixed the regex on client side using help from a regex IRC :). Used the same regex on the server side eliminating the need for a usernameRegex and dotRegex. Also added a couple of tests to check for minimum length and |
Idea proposed by @sparshy meanjs#1204 Suggestions, rules and tests from Trustroots @simison Added validations on user server model Added client side validations Added relevant tests on user server tests Added relevant tests on user e2e tests Fixes meanjs#1204
sujeethk
force-pushed
the
strictusername
branch
from
4aede0f to
6a9b5af
Compare
|
@sujeethk LGTM. I'll try to get this merged in the next couple of days. Thanks for taking this on. |
|
@sujeethk Would you mind rebasing? I'll merge right after. |
|
@mleanos Rebased |
|
Thank you @sujeethk! |
feat(user): add strict validations for username
Idea proposed by @sparshy #1204
Suggestions, rules and tests from Trustroots @simison
Added validations on user server model
Added relevant tests on user server tests
Fixes #1204