OkunaOrg / okuna-api

🤖 The Okuna Social Network API
https://okuna.io
MIT License

Dots should be limited in usernames #228

Open lifenautjoe opened 5 years ago

lifenautjoe commented 5 years ago

Good: joel.hernandez

Bad: ., .. ...

lifenautjoe commented 5 years ago

Whatever validation has to be added to the backend too

tschwaerzl commented 5 years ago

Is foo.bar.example bad? Is .foo bad? Is foo. bad?

lifenautjoe commented 5 years ago

.foo and foo. are bad, never dots beginning or ending.

foo.bar.example is okay

duichwer commented 4 years ago

A small list about code locations that should be updated too.

Okuna-App

duichwer commented 4 years ago

A possible RegEx for the SmartText Highlighting with escaped at-sign.

r"(?<=[\s\n\r]|^)(\@[A-Za-z0-9](([A-Za-z0-9]|[._](?![._])){0,28}[A-Za-z0-9])?)(?=\b|$)"

Komposten commented 4 years ago

> A possible RegEx for the SmartText Highlighting with escaped at-sign. r"(?<=[\s\n\r]|^)(\@[A-Za-z0-9](([A-Za-z0-9]|[._](?![._])){0,28}[A-Za-z0-9])?)(?=\b|$)"

A couple of comments on this:

1) \n and \r are typically included in \s, so it should be enough with (?<=\s|^)

2) We don't need to use a lookbehind at the start (or a lookahead at the end, for that matter). Non-capturing groups are enough. Another reason not to use lookbehinds is that they are not supported by many major browsers, so if we don't use them we could use the same regex in both the app and in the web version.

3) We probably also want to minimise the number of capturing groups in general, which is easily done if we convert them to non-capturing groups.

With these comments in mind, the regex will look like:

(?:\s|^)(\@[A-Za-z0-9](?:(?:[A-Za-z0-9]|[._](?![._])){0,28}[A-Za-z0-9])?)(?:\b|$)

And some tests with this patched regex:

[image]

Blue+green = full match

Green = first capture group (the part we are interested in)

Yes, this means that the matches include the preceding space/newline. That doesn't matter, though, since we use the first capture group anyway. It also is much faster than using lookbehinds/lookaheads.


For the regexes used by the validators in both the API and the app, we can probably use the regex I suggested in #368, which also was adapted from a suggestion by @duichwer (thank you 👍):

^[a-zA-Z0-9](?:[._]?[a-z-A-Z0-9])*$

This one is used to match against a string which only contains a username, so matching @, anything before the username, or anything after is not necessary. Using the same tests as above with this regex we get what we would expect:

[image]
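Added example, not part of the thread or of Okuna's code: the two regexes from the comment above, copied as posted, run in Python over the usernames discussed in this issue. `is_valid_username`, `find_mentions`, `MAX_LEN` and the sample strings are hypothetical; the 30-character cap is an assumption taken from the `{0,28}` bound in the mention regex.

```python
import re

# Validator regex exactly as posted in the thread. As written, the class
# [a-z-A-Z0-9] also admits a literal hyphen after the first character.
USERNAME_RE = re.compile(r"^[a-zA-Z0-9](?:[._]?[a-z-A-Z0-9])*$")

# Mention regex exactly as posted (non-capturing groups, no lookbehind).
MENTION_RE = re.compile(
    r"(?:\s|^)(\@[A-Za-z0-9](?:(?:[A-Za-z0-9]|[._](?![._])){0,28}[A-Za-z0-9])?)(?:\b|$)"
)

MAX_LEN = 30  # assumption: 1 + 28 + 1, the length the mention regex allows


def is_valid_username(name):
    """Whole-string check for the backend validator.

    fullmatch() is used because in Python `$` also matches just before a
    trailing newline, so match() alone would accept "joel\\n". The validator
    regex has no length bound, so the cap is enforced separately.
    """
    return len(name) <= MAX_LEN and USERNAME_RE.fullmatch(name) is not None


def find_mentions(text):
    """Return the first capture group (the @username) of every match."""
    return [m.group(1) for m in MENTION_RE.finditer(text)]


# Constructed cases, built from the usernames discussed in the thread.
CASES = {
    "joel.hernandez": True,
    "foo.bar.example": True,
    ".": False, "..": False, "...": False,
    ".foo": False, "foo.": False,
    "foo..bar": False,   # consecutive separators
    "joel\n": False,     # rejected only because fullmatch() is used
    "a" * 31: False,     # regex matches; the separate length cap rejects it
    "foo-bar": True,     # hyphen admitted by [a-z-A-Z0-9] as written
}

if __name__ == "__main__":
    for name, expected in CASES.items():
        print(f"{name!r:36} valid={is_valid_username(name)} expected={expected}")
    # Constructed text: an e-mail address is skipped, a trailing dot is dropped.
    print(find_mentions("hi @joel.hernandez, mail@host.tld and @foo. bye"))
```

With `re.match` in place of `fullmatch`, the same pattern accepts `"joel\n"`, which is the case to watch when the validator regex is reused in the Python backend.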