Create a login interceptor that asks users with an @ in their username to update their username
Description
Activity
Eric Peterson - August 1, 2017 at 2:29 AM
Honestly, I also would say that usernames should not start with numbers or special characters either. Here's the regex I think I'd use:
^(?:@([a-zA-Z][\w-])\/)?([\w-])$
Or, with version included:
^(?:@([a-zA-Z][\w-])\/)?([\w-])(?:@([\d\.]))?$
Eric Peterson - August 1, 2017 at 2:18 AM
@Brad Wood I realize that the argument can be made that emails are fine for usernames in ForgeBox but I still think we should migrate users to non-special-character usernames. The biggest reason I can think of is experience.
Take a look at this slug: @text@example.com/testing@1.0.5
It's quite messy, in my opinion.
The regex to handle this slug looks like this: ^(@[\w@\.]+/)?([\w]+)$
If we force usernames to look like slugs, we get more consistency: @testuser/testing@1.0.5
And the regex becomes a bit simpler as well: ^(@[\w-]/)?([\w-])$
To be honest, the regex isn't the big deal, I really think that visually it looks worse to have more @ signs in the package declaration than we are already doing.
cc @Luis Majano
Brad Wood - July 31, 2017 at 9:10 PM
@Eric Peterson Can you explain how an E-mail address as a username breaks this? I brought this up with @Luis Majano when we implemented it and he argued that as long as we always looked at the last @ sign in the package name, then it wouldn't matter if the username itself had any @ signs. I'm not a fan of having the username be an E-mail, but technically it seemed like it should work.
Private packages use an @ sign at the beginning of the slug to indicate a private package. Usernames that are essentially emails break this functionality. In addition to validating usernames for special characters and allowing users to update their usernames, we need to ask users that currently have an invalid username to change it on log in.
Perhaps some sort of global interceptor here that inspects the current user's username and redirects if it is a problem?
Okay. So here's the flow I'm thinking:
1. We add the validation to the username.
2. When there is a logged in user, we use an interceptor to check if they have an invalid username (according to the new validation constraints).
3. If they do, they are redirected to a page to update their username. That page is only accessible under these circumstances.
4. After a while, we email the stragglers to please update their username.
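
The check behind steps 1 to 3, together with the "last @ sign" slug split from the comments, as an added example in JavaScript; it is not ForgeBox code. The username rule (a letter first, then letters, digits, underscore or hyphen, with an assumed `*` quantifier), the route names and every function name are assumptions made for illustration.

```javascript
// Assumed rule: a letter first, then letters, digits, "_" or "-".
// The "*" quantifier is an assumption, not taken from the thread.
const USERNAME_RE = /^[a-zA-Z][\w-]*$/;

// Hypothetical routes, not ForgeBox's real ones.
const UPDATE_PATH = "/account/username";
const ALWAYS_ALLOWED = new Set(["/logout"]);

function isValidUsername(name) {
  return typeof name === "string" && USERNAME_RE.test(name);
}

// Split "@owner/package@version". The version separator is the LAST "@"
// after the "/", so an "@" inside the owner part does not confuse it.
function parseSlug(slug) {
  let owner = null;
  let rest = slug;
  if (slug.startsWith("@")) {
    const slash = slug.indexOf("/");
    if (slash === -1) return null; // private marker without a package name
    owner = slug.slice(1, slash);
    rest = slug.slice(slash + 1);
  }
  const at = rest.lastIndexOf("@");
  const name = at === -1 ? rest : rest.slice(0, at);
  const version = at === -1 ? null : rest.slice(at + 1);
  if (!name) return null;
  const ownerValid = owner === null || isValidUsername(owner);
  return { owner, name, version, ownerValid };
}

// Steps 2 and 3 of the flow: decide what to do with one request.
// Returns "continue", "redirect" (to UPDATE_PATH) or "deny".
function interceptDecision(user, path) {
  const invalid = user !== null && !isValidUsername(user.username);
  if (path === UPDATE_PATH) {
    // The update page exists only for logged-in users who must rename.
    return invalid ? "continue" : "deny";
  }
  // Exempting logout keeps an affected user from being trapped in redirects.
  if (invalid && !ALWAYS_ALLOWED.has(path)) return "redirect";
  return "continue";
}
```

With the slug from the comments, `parseSlug("@text@example.com/testing@1.0.5")` still yields package `testing` and version `1.0.5`, but `ownerValid` is `false`, which is the condition the interceptor redirects on.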