Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add validation to prevent update of a user or member to an invalid username (13) #18261

Merged
merged 2 commits into from
Feb 10, 2025
Merged

Add validation to prevent update of a user or member to an invalid username (13) #18261

merged 2 commits into from
Feb 10, 2025

Conversation

AndyButland
Copy link
Contributor

@AndyButland AndyButland commented Feb 7, 2025
edited
Loading

Prerequisites

  • I have added steps to test this contribution in the description below

Fixes #17347 and #14823

Description

The core of both reported issues is that whilst we can rely on ASP.NET Identity validating the user name characters, for updates we need to do it ourselves. So I've added that into the validation checks for both users and members.

I also fixed an annoyance with LastPass attempting to fill the user name and leading to accidental updates.

To Test:

  • Allow for example a space to be a valid character by configuring:
  "Umbraco": {
    "CMS": {
      "Security": {
        "UsernameIsEmail": false,
        "AllowedUserNameCharacters": "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._ @+\\",
  • Create a member and a user with a space in the user name.
  • Update configuration to remove space from being a valid character.
  • Before the PR you'll find you can update members and users that have a space in their username.
  • After the code in the PR is applied, you won't be able to.

@AndyButland AndyButland changed the title Add validation to prevent update of a user or member to an invalid username Add validation to prevent update of a user or member to an invalid username (13) Feb 7, 2025
@AndyButland AndyButland mentioned this pull request Feb 7, 2025
Merged
nikolajlauridsen
nikolajlauridsen approved these changes Feb 10, 2025
View reviewed changes
Copy link
Contributor

@nikolajlauridsen nikolajlauridsen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, tests good

@nikolajlauridsen nikolajlauridsen merged commit a3b77cf into v13/dev Feb 10, 2025
19 of 20 checks passed
@nikolajlauridsen nikolajlauridsen deleted the v13/bugfix/prevent-save-of-invalid-username branch February 10, 2025 09:40
@nikolajlauridsen nikolajlauridsen mentioned this pull request Feb 10, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nikolajlauridsen nikolajlauridsen nikolajlauridsen approved these changes

Assignees
No one assigned
Labels
area/backend
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@AndyButland @nikolajlauridsen