fixed-username-checks#5503
Open
yashgoyal0110 wants to merge 7 commits into
Signed-off-by: yashgoyal0110 <yg364550@gmail.com>
bf6b909 to 56aa882
Contributor
Pull request overview
This PR relaxes username validation so pre-created users can use email-style usernames for Dex SSO correlation.
Changes:
- Expands backend and frontend username validation from 3–16 chars to 3–254 chars.
- Allows digits as the first character and permits `. _ - @ +` in usernames.
- Updates user-facing validation/error text and API documentation examples.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 6 comments.
| File | Description |
|---|---|
| chaoscenter/authentication/pkg/utils/sanitizers.go | Updates strict username regex and validator error text. |
| chaoscenter/authentication/pkg/utils/errors.go | Updates username policy violation description. |
| chaoscenter/authentication/api/handlers/doc.go | Updates API documentation example for username validation errors. |
| chaoscenter/web/src/constants/validation.ts | Updates frontend username regex. |
| chaoscenter/web/src/views/CreateNewUser/CreateNewUser.tsx | Raises UI username max length to 254. |
| chaoscenter/web/src/strings/strings.en.yaml | Updates username validation copy and reformats related strings. |
Comment on lines +73 to +74
| if matched, _ := regexp.MatchString(`^[a-zA-Z0-9][a-zA-Z0-9._@+-]{2,253}$`, username); !matched { | ||
| return fmt.Errorf("username can only contain letters, digits, and the characters . _ - @ +") |
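Review bot: The message returned on line +74 names only the allowed characters, but the pattern on line +73 also rejects names shorter than 3 or longer than 254 characters and names whose first character is one of `. _ - @ +`, so `ab` or `.alice` fails with an explanation that does not apply. Suggest stating the length and first-character rules in this message, or returning the ErrStrictUsernamePolicyViolation text from errors.go. Separately, `matched, _ :=` discards the error from regexp.MatchString and the pattern is recompiled on every call; a package-level regexp.MustCompile avoids both.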
Comment on lines +77 to 78
| .max(254, getString('fieldMaxLength', { length: 254 })) | ||
| .matches(USERNAME_REGEX, getString('usernameValidText')), |
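Review bot: The limit 254 is written twice in `.max(254, getString('fieldMaxLength', { length: 254 }))` and a third time as the `{2,253}` bound of the backend pattern, so the UI and the API can drift apart on the next change. Suggest a single named constant exported next to USERNAME_REGEX in validation.ts and using it for both arguments here.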
| type ErrStrictUsernamePolicyViolation struct { | ||
| Code int `json:"code" example:"401"` | ||
| Message string `json:"message" example:"The username should be atleast 3 characters long and atmost 16 characters long."` | ||
| Message string `json:"message" example:"The username should be atleast 3 characters long and atmost 254 characters long, must start with letter or digit, and can only contain letters, digits, and the characters . - _ @ +"` |
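Review bot: The new example string does not match the message added in errors.go: it says "must start with letter or digit" and lists the characters as `. - _ @ +`, while errors.go says "must start with a letter or digit" and lists `. _ - @ +`. The documented example should be the exact string the API returns, so suggest copying the errors.go text verbatim.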
| ErrUserExists: "This username is already assigned to another user", | ||
| ErrStrictPasswordPolicyViolation: "Please ensure the password is atleast 8 characters long and atmost 16 characters long and has atleast 1 digit, 1 lowercase alphabet, 1 uppercase alphabet and 1 special character", | ||
| ErrStrictUsernamePolicyViolation: "The username should be atleast 3 characters long and atmost 16 characters long.", | ||
| ErrStrictUsernamePolicyViolation: "The username should be atleast 3 characters long and atmost 254 characters long, must start with a letter or digit, and can only contain letters, digits, and the characters . _ - @ +", |
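Review bot: The new ErrStrictUsernamePolicyViolation string carries over "atleast" and "atmost" from the line it replaces; since the message is being rewritten anyway, suggest "at least" and "at most" here and in the matching example in doc.go. The same spelling is in the unchanged ErrStrictPasswordPolicyViolation line above, which could be fixed in the same pass.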
| type ErrStrictUsernamePolicyViolation struct { | ||
| Code int `json:"code" example:"401"` | ||
| Message string `json:"message" example:"The username should be atleast 3 characters long and atmost 16 characters long."` | ||
| Message string `json:"message" example:"The username should be atleast 3 characters long and atmost 254 characters long, must start with letter or digit, and can only contain letters, digits, and the characters . - _ @ +"` |
Comment on lines +73 to +74
| if matched, _ := regexp.MatchString(`^[a-zA-Z0-9][a-zA-Z0-9._@+-]{2,253}$`, username); !matched { | ||
| return fmt.Errorf("username can only contain letters, digits, and the characters . _ - @ +") |
Contributor
@yashgoyal0110 could you please review the comments by co-pilot?
Proposed changes
Fixes #5413
The auth API's username validator (`ValidateStrictUsername`) enforced `^[a-zA-Z][a-zA-Z0-9_-]{2,15}$` — i.e., 3–16 chars, alphanumerics + `_` `-` only, must start with a letter. This made it impossible to pre-create a user whose username is their email address (e.g. `john.smith.long@example.com`), which is required to correlate Dex SSO logins with pre-created accounts. Dex sets `Username = claims.Email` in dex_auth_handler.go#L127, so any email longer than 16 characters or containing `@`/`.` was rejected by `/create_user` with `401 username_policy_violation`.

Files touched
- chaoscenter/authentication/pkg/utils/sanitizers.go
- chaoscenter/authentication/pkg/utils/errors.go
- chaoscenter/authentication/api/handlers/doc.go
- chaoscenter/web/src/constants/validation.ts
- chaoscenter/web/src/strings/strings.en.yaml
- chaoscenter/web/src/views/CreateNewUser/CreateNewUser.tsx

Types of changes
Checklist
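
The effect of the policy change described above, as an added example that is not part of the pull request or the project's code: it runs the old and new patterns quoted on this page over constructed usernames and reports what becomes newly accepted, what stays rejected, and which accepted names differ only in letter case. `Diff`, `CaseCollisions` and `samples` are hypothetical names; whether the user store or Dex compares usernames case-sensitively is not stated on the page, so the collision check is only a prompt to verify that.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Patterns quoted from the page: the replaced policy and the one the PR introduces.
var oldPolicy = regexp.MustCompile(`^[a-zA-Z][a-zA-Z0-9_-]{2,15}$`)
var newPolicy = regexp.MustCompile(`^[a-zA-Z0-9][a-zA-Z0-9._@+-]{2,253}$`)

// Diff splits candidates into names only the new policy accepts and names it still rejects.
func Diff(candidates []string) (added, rejected []string) {
	for _, c := range candidates {
		switch {
		case !newPolicy.MatchString(c):
			rejected = append(rejected, c)
		case !oldPolicy.MatchString(c):
			added = append(added, c)
		}
	}
	return added, rejected
}

// CaseCollisions groups names accepted by the new policy that differ only in letter case.
func CaseCollisions(candidates []string) map[string][]string {
	groups := map[string][]string{}
	for _, c := range candidates {
		if k := strings.ToLower(c); newPolicy.MatchString(c) {
			groups[k] = append(groups[k], c)
		}
	}
	for k, v := range groups {
		if len(v) < 2 {
			delete(groups, k) // keep only keys shared by two or more names
		}
	}
	return groups
}

// Constructed sample usernames; only the first one appears on the page.
var samples = []string{"john.smith.long@example.com", "alice", "ab", "1admin", ".alice",
	"a@@..b", "alice@example.com\n", "Alice@Example.com", "alice@example.com", "bob smith"}

func main() {
	added, rejected := Diff(samples)
	fmt.Printf("newly accepted: %q\nstill rejected: %q\ncase-only collisions: %q\n", added, rejected, CaseCollisions(samples))
}
```

The new pattern admits strings that are not well-formed email addresses (`a@@..b`), and in Go `$` without the `m` flag matches only at end of text, so a trailing newline is rejected.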