Kallithea issues archive

Issue #232: Don't disallow usernames with an @ character

Reported by: Glenn Matthys
State: new
Created on: 2016-07-14 21:47
Updated on: 2016-07-16 21:38


Our SSO system works using email addresses as username, and with container auth Kallithea will create the user, but if you want to change any properties of that user afterwards, it errors out with "Username may only contain alphanumeric characters underscores, periods or dashes and must begin with an alphanumeric character or underscore".

Maybe this restriction could be lessened to allow email addresses? Or at the very least don't allow the creation of invalid usernames through container auth?




Comment by Glenn Matthys, on 2016-07-14 21:48


Comment by Mads Kiilerich, on 2016-07-14 21:58

How do these usernames work with @mention in PR comments? It works but looks odd? Hmm ... no ... I'm sure it doesn't. There will probably also be other places where it can cause problems.

What SSO system are you using?

(Somewhat related: Kallithea (on the development branch?) allows login with email.)

Comment by Glenn Matthys, on 2016-07-16 10:49

Well I call it SSO but it's really a local sqlite database with hashed passwords which I'm trying to re-use as much as possible anywhere authentication is needed. Using email addresses just makes it a lot easier for people because that's what they always remember. Maybe we should have some kind of "display name"? Or maybe I can modify the environment variables passed to drop the @domain.tld, but would have to test if that still works with git clone, etc...

Comment by Glenn Matthys, on 2016-07-16 15:49

Well I did some mod_rewrite kung fu and I got it to accept email addresses as auth and set X-Forwarded-User to <firstname> <lastname>, but spaces aren't allowed either... Some people have names like "foo bar baz" where "foo bar" are their first names, and I can't get that space out. So maybe allow spaces too? The username validation seems very archaic...

Comment by Mads Kiilerich, on 2016-07-16 21:38

Why is the username validation archaic? The username is an identifier, like for example a domain name is - and even more like the part before the @ in an email address is. Why should it be allowed to contain spaces? If so, how should @mention markup in texts work?

It sounds like you have a very custom setup with your own kind of user account names. With such special requirements, you could perhaps also just modify your own installation of Kallithea and hack whatever gets in your way. It is possible that some of it would be of general interest and could be upstreamed.
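Two points from the thread, applying the edit-form username rule when container auth creates a user and dropping the `@domain.tld` part, are sketched below as an added example; it is not Kallithea code and not posted by anyone in the thread. The pattern is reconstructed from the quoted error message, and `provision`, `username_from_identity` and the `users` dict are hypothetical names.

```python
import re

# Reconstructed from the error message quoted in the issue; the exact
# pattern Kallithea uses is an assumption.
USERNAME_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.\-]*")


class ProvisioningError(Exception):
    """An externally authenticated identity could not be mapped safely."""


def is_valid_username(name):
    # fullmatch also rejects a trailing newline, which '$' would let through.
    return USERNAME_RE.fullmatch(name) is not None


def username_from_identity(identity):
    """Drop '@domain.tld' and apply the same rule the edit form enforces."""
    local, sep, _domain = identity.strip().partition("@")
    candidate = local if sep else identity.strip()
    if not is_valid_username(candidate):
        raise ProvisioningError("invalid username derived from %r" % identity)
    return candidate


def provision(users, identity):
    """users: hypothetical store mapping username -> owning external identity."""
    # Assumption: external identities are compared case-insensitively.
    identity = identity.strip().lower()
    username = username_from_identity(identity)
    owner = users.setdefault(username, identity)
    if owner != identity:
        # Stripping the domain makes a@x and a@y collide; refuse, never merge.
        raise ProvisioningError("%r already belongs to %r" % (username, owner))
    return username


if __name__ == "__main__":
    users = {}
    # Constructed sample identities, as a container auth header might carry them.
    for ident in ["glenn@example.org", "foo bar baz", "glenn@example.net"]:
        try:
            print(ident, "->", provision(users, ident))
        except ProvisioningError as exc:
            print(ident, "rejected:", exc)
```

The second and third sample identities are rejected: one fails the character rule, the other would silently share the account already created for a different domain.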