fixed-username-checks

yashgoyal0110 · yashgoyal0110 · commit bf6b909c2a14 · 2026-05-06T23:36:22.000+05:30
diff --git a/chaoscenter/authentication/api/handlers/doc.go b/chaoscenter/authentication/api/handlers/doc.go
@@ -110,7 +110,7 @@ type ErrStrictPasswordPolicyViolation struct {
 
 type ErrStrictUsernamePolicyViolation struct {
 	Code    int    `json:"code" example:"401"`
-	Message string `json:"message" example:"The username should be atleast 3 characters long and atmost 16 characters long."`
+	Message string `json:"message" example:"The username should be atleast 3 characters long and atmost 254 characters long, must start with a letter or digit, and can only contain letters, digits, and the characters . _ - @ +"`
 }
 
 type ErrEmptyProjectName struct {
diff --git a/chaoscenter/authentication/pkg/utils/errors.go b/chaoscenter/authentication/pkg/utils/errors.go
@@ -55,7 +55,7 @@ var ErrorDescriptions = map[AppError]string{
 	ErrUnauthorized:                  "The user does not have requested authorization to access this resource",
 	ErrUserExists:                    "This username is already assigned to another user",
 	ErrStrictPasswordPolicyViolation: "Please ensure the password is atleast 8 characters long and atmost 16 characters long and has atleast 1 digit, 1 lowercase alphabet, 1 uppercase alphabet and 1 special character",
-	ErrStrictUsernamePolicyViolation: "The username should be atleast 3 characters long and atmost 16 characters long.",
+	ErrStrictUsernamePolicyViolation: "The username should be atleast 3 characters long and atmost 254 characters long, must start with a letter or digit, and can only contain letters, digits, and the characters . _ - @ +",
 	ErrEmptyProjectName:              "Project name can't be empty",
 	ErrInvalidRole:                   "Role is invalid",
 	ErrProjectNotFound:               "This project does not exist",
diff --git a/chaoscenter/authentication/pkg/utils/sanitizers.go b/chaoscenter/authentication/pkg/utils/sanitizers.go
@@ -63,14 +63,15 @@ func RandomString(n int) (string, error) {
 	return "", fmt.Errorf("length should be greater than 0")
 }
 
-// Username must start with a letter - ^[a-zA-Z]
-// Allow letters, digits, underscores, and hyphens - [a-zA-Z0-9_-]
-// Ensure the length of the username is between 3 and 16 characters (1 character is already matched above) - {2,15}$
+// Username must start with a letter or digit - ^[a-zA-Z0-9]
+// Allow letters, digits, and the characters . _ - @ + (so an email address is a valid username,
+// which is required for Dex SSO where the email is used as the username) - [a-zA-Z0-9._@+-]
+// Ensure the length of the username is between 3 and 254 characters
+// (1 character is already matched above, and 254 is the RFC 5321 maximum email length) - {2,253}$
 
 func ValidateStrictUsername(username string) error {
-	// Ensure username doesn't contain special characters (only letters, numbers, and underscores are allowed)
-	if matched, _ := regexp.MatchString(`^[a-zA-Z][a-zA-Z0-9_-]{2,15}$`, username); !matched {
-		return fmt.Errorf("username can only contain letters, numbers, and underscores")
+	if matched, _ := regexp.MatchString(`^[a-zA-Z0-9][a-zA-Z0-9._@+-]{2,253}$`, username); !matched {
+		return fmt.Errorf("username can only contain letters, digits, and the characters . _ - @ +")
 	}
 
 	return nil
diff --git a/chaoscenter/web/src/constants/validation.ts b/chaoscenter/web/src/constants/validation.ts
@@ -1,7 +1,7 @@
-//  ^[a-zA-Z]          # Must start with a letter
-//  [a-zA-Z0-9_-]      # Allow letters, digits, underscores, and hyphens
-//  {2,15}$            # Ensure the length of the username is between 3 and 16 characters (1 character is already matched above)
-export const USERNAME_REGEX = /^[a-zA-Z][a-zA-Z0-9_-]{2,15}$/;
+//  ^[a-zA-Z0-9]       # Must start with a letter or digit
+//  [a-zA-Z0-9._@+-]   # Allow letters, digits, and the characters . _ - @ + (so emails are valid usernames for Dex SSO correlation)
+//  {2,253}$           # Ensure the length of the username is between 3 and 254 characters (1 character is already matched above; 254 is the RFC 5321 max email length)
+export const USERNAME_REGEX = /^[a-zA-Z0-9][a-zA-Z0-9._@+-]{2,253}$/;
 
 //  ^(?=.*[a-z])       # At least one lowercase letter
 //  (?=.*[A-Z])        # At least one uppercase letter
diff --git a/chaoscenter/web/src/strings/strings.en.yaml b/chaoscenter/web/src/strings/strings.en.yaml
@@ -199,7 +199,7 @@ copiedToClipboard: Copied to clipboard
 copyPrompt: >-
   Copy the downloaded YML to a machine where you have kubectl installed and have
   access to your Kubernetes cluster.
-copyPrompt1: 2. Apply the Chaos CRDs manually
+copyPrompt1: 2. Apply the Chaos CRD manually
 copyPrompt2: >-
   3. Copy the downloaded YML to a machine where you have kubectl installed and
   have access to your Kubernetes cluster.
@@ -480,13 +480,19 @@ hypothesis: hypothesis
 id: ID
 idlowerCase: id
 imageRegistry: Image Registry
-imageRegistryNameInvalid: 'Registry name must be a valid hostname (e.g., docker.io, gcr.io, my-registry.example.com:5000)'
+imageRegistryNameInvalid: >-
+  Registry name must be a valid hostname (e.g., docker.io, gcr.io,
+  my-registry.example.com:5000)
 imageRegistryNameRequired: Registry name is required for custom image registry
 imageRegistryUpdateSuccess: Image Registry added successfully
-imageRepoNameInvalid: 'Repository name must contain only lowercase letters, numbers, dots, underscores, slashes, and hyphens'
+imageRepoNameInvalid: >-
+  Repository name must contain only lowercase letters, numbers, dots,
+  underscores, slashes, and hyphens
 imageRepoNameRequired: Repository name is required for custom image registry
 imageSecret: Image Secret
-imageSecretNameInvalid: 'Secret name must be a valid Kubernetes name (lowercase letters, numbers, dots, and hyphens)'
+imageSecretNameInvalid: >-
+  Secret name must be a valid Kubernetes name (lowercase letters, numbers, dots,
+  and hyphens)
 imageSecretNameRequired: Secret name is required for private image registry
 imageSecretPlaceholder: Enter your Image Secret
 improveResilienceOfTheDeployedService: Improve resilience of the deployed service
@@ -1220,7 +1226,9 @@ userCreatedOn: User Created On
 userManagement: User Management
 username: Username
 usernameIsRequired: Username is a required field
-usernameValidText: Username can only contain letters, digits, underscores, and hyphens
+usernameValidText: >-
+  Username must start with a letter or digit and can only contain letters,
+  digits, and the characters . _ - @ +
 usersNotAvailableMessage: No users available to send invitation
 usersNotAvailableTitle: No users available
 validationError: Validation Error
diff --git a/chaoscenter/web/src/views/CreateNewUser/CreateNewUser.tsx b/chaoscenter/web/src/views/CreateNewUser/CreateNewUser.tsx
@@ -74,7 +74,7 @@ export default function CreateNewUserView(props: CreateNewUserViewProps): React.
             username: Yup.string()
               .required(getString('usernameIsRequired'))
               .min(3, getString('fieldMinLength', { length: 3 }))
-              .max(16, getString('fieldMaxLength', { length: 16 }))
+              .max(254, getString('fieldMaxLength', { length: 254 }))
               .matches(USERNAME_REGEX, getString('usernameValidText')),
             password: Yup.string().required(getString('passwordIsRequired')),
             reEnterPassword: Yup.string()

Original file line number	Diff line number	Diff line change
`@@ -110,7 +110,7 @@ type ErrStrictPasswordPolicyViolation struct {`
`110`	`110`
`111`	`111`	`type ErrStrictUsernamePolicyViolation struct {`
`112`	`112`	Code int `json:"code" example:"401"`
`113`		- Message string `json:"message" example:"The username should be atleast 3 characters long and atmost 16 characters long."`
	`113`	+ Message string `json:"message" example:"The username should be atleast 3 characters long and atmost 254 characters long, must start with a letter or digit, and can only contain letters, digits, and the characters . _ - @ +"`
`114`	`114`	`}`
`115`	`115`
`116`	`116`	`type ErrEmptyProjectName struct {`