Open ja5087 opened 4 years ago
You probably wouldn't want all digit usernames, since those could be confused with UIDs.
Also, are there any additional usernames that would need to be reserved if numbers suddenly become valid characters in usernames?
I don't think we expose a UID anywhere at the OCF though, but it's fair that just to avoid the possibility in case we ever do to make the first character lowercase alphabetical. As far as I can tell we haven't done anything special that would require more reserved usernames either.
I've changed it so you need to have the first letter be a lowercase character.
Here are some additional steps I thought of that may be needed:
adm1n
?/home/a/a0
, /home/a/a1
, ..., /home/z/z9
.Here are some additional steps I thought of that may be needed:
* Do we want to reserve usernames like `adm1n`? * We'd need to create `/home/a/a0`, `/home/a/a1`, ..., `/home/z/z9`.
Considering we don't reserve things like admin
either and it's probably impossible to maintain a list of all things that sound important, this might be a wontfix. As for the second point, I think this is already ensured by https://github.com/ocf/ocflib/blob/309680aaa2b9e3e6315ad52d0f9118b0a9482acd/ocflib/account/utils.py#L52 and when I tested this function to create e7staff
it worked fine.
We do reserve admin
FWIW: https://github.com/ocf/ocflib/blob/309680aaa2b9e3e6315ad52d0f9118b0a9482acd/ocflib/account/validators.py#L18.
But agree we can consider reserving such leetspeak usernames in a different change.
Oh huh I stand corrected, thanks.
I think talking to @nikhiljha, we're a bit hesitant to merge this, as people could use numbers to make their usernames a bit more obfuscated, e.g. m1337ax
or something. I think just typing out the numbers (.e.g 7
is seven
) is what we have done in the past.
iirc we do have requirements that username must somewhat match real name and it's automatically enforced somewhere - could possibly be useful to prevent somebody using "adm1n" (the one who exploit it must has a name like Adam Norton or something...)
E7 wants a group account with a number in the username and I don't see why not.