mkhorasani
commented
1 year ago Hi @velicanu, yes actually there is a pull request pertaining to this request, and I will merge it very soon.
Closed velicanu closed 1 year ago
mkhorasani
commented
1 year ago Hi @velicanu, yes actually there is a pull request pertaining to this request, and I will merge it very soon.
Currently there is no restriction on characters in a username, which can result in security issues if the value of the username is not handled properly post authentication. Example:
Would you be open to allowing only alphanumeric +
_, or alternatively to let the auth module take a username validator as an optional parameter to decide the allowed character set?