Regexp allow invalid Orcid prefix

ORCID / orcid-angular

Angular UI for ORCID

MIT License

20 stars 16 forks source link

Regexp allow invalid Orcid prefix #169

Open leomendoza123 opened 4 years ago

leomendoza123 commented 4 years ago

Regexp ORCID_REGEXP and ORCID_URI_REGEXP used to validate ORCID IDs allow any string at the begging of the input.

This makes the UI accept wrong inputs like:

https://INVALID.orcid.org/0000-0002-9361-1905 or INVALID!0000-0002-9361-1905

This will currently affect validation on the advance search and signing

DanielPalafox commented 4 years ago

Currently, in the actual UI in production, you can put anything before the ORCID ID as Leo explains. We just need to accept valid ORCID ids or valid full URLs and with this, we will avoid making unnecessary calls to the backend.

leomendoza123 commented 4 years ago

Yes on the old sign in it will even allow you to successfully sign with an invalid string (if it contains a valid Orcid Id)

We should decide if we really want to validate a perfect ORCID ID for the signin since the backend understands the call.... maybe we want to keep allowing that there.

On the other hand, I believe we need a good validation on most other features.