Open wrought opened 9 years ago
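I'm working on a first pass at some username validation. Broadly, I think we should reject usernames that:
- fall outside (configurable) length limits
- have no letters
- are too similar to existing usernames (along a variety of dimensions)
- contain non-ascii characters
- contain problematic non-alphanumeric characters (e.g. &, <, control characters)

Any other thoughts on username restrictions?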
Agreed, but can't this become a can of worms:
Any known algos or plugins that do this?
AZ Zaidi www.AbbasZaidi.com 415.966.9800 on PST. "An organism coordinates a point of view." ~Terrence McKenna

On Jul 28, 2015 10:54 PM, "Robert C. Sheets" notifications@github.com wrote:

> I'm working on a first pass at some username validation. Broadly, I think we should reject usernames that:
> - fall outside (configurable) length limits
> - have no letters
> - are too similar to existing usernames (along a variety of dimensions)
> - contain non-ascii characters
> - contain problematic non-alphanumeric characters (e.g. &, <, control characters)
>
> Any other thoughts on username restrictions?
I haven't thought much about specific implementations yet.
One simple example would be that a new username should be rejected if it matches an existing username under case folding. Today, I can register my username rcsheets but someone can also register Rcsheets.
Agreed. Would you suggest we try to collect as many potential cases as we can before attempting this, or should we just do what we identify now & return to it as more become apparent?
AZ Zaidi www.AbbasZaidi.com 415.966.9800 on PST. "An organism coordinates a point of view." ~Terrence McKenna

On Jul 29, 2015 2:52 AM, "Charley Sheets" notifications@github.com wrote:

> I haven't thought much about specific implementations yet.
>
> One simple example would be that a new username should be rejected if it matches an existing username under case folding. Today, I can register my username rcsheets but someone can also register Rcsheets.
Given the app is already in production, I say we figure out as much as we can quickly and go ahead and implement it. I've been working on username validation (but a bit slowly, as I'm new to nodejs) and hoping to have something ready for a PR over the weekend.
There should be a project which is just a database of "characters that look like each other".
This commit restricts new users to 3-16 alphanumerals and toLowers them https://github.com/sudoroom/sudo-humans/commit/aa42cb981b167a1bb48d45fc6293616fa10d3089
But some people have already created usernames with capitals, spaces and underscores, so we'll have to deal with that.
I think https://github.com/sudoroom/sudo-humans/commit/aa42cb981b167a1bb48d45fc6293616fa10d3089 is a good start but we still need more.
Extra-long and strange-character usernames produce funny business (bad formatting and fail to respond successfully, respectively). We should also do some basic validation to encourage high quality of data (e.g. we want email addresses that won't bounce).
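
The rules discussed in this thread, sketched as a Node.js validator. This is an added example, not code from sudo-humans or from any commenter; the function names, the 3-16 default, the alphanumeric-only rule and the choice to fold spaces and underscores for the similarity check are assumptions.

```javascript
// Added example: not code from sudo-humans. Names and limits are assumptions.
const DEFAULT_LIMITS = { min: 3, max: 16 }; // range described for the linked commit

// Canonical key used only for collision checks. Existing accounts may contain
// capitals, spaces and underscores, so those are folded away before comparing.
function collisionKey(name) {
  return name.normalize('NFKC').toLowerCase().replace(/[\s_]+/g, '');
}

// Returns an array of rule names the candidate violates (empty means accepted).
function validateUsername(name, existingNames, limits = DEFAULT_LIMITS) {
  if (typeof name !== 'string') return ['not-a-string'];
  const errors = [];
  const length = Array.from(name).length; // code points, not UTF-16 units
  if (length < limits.min || length > limits.max) errors.push('length');
  if (!/[A-Za-z]/.test(name)) errors.push('no-letters');
  if (/[^\x00-\x7F]/.test(name)) errors.push('non-ascii');
  if (/[\x00-\x1F\x7F]/.test(name)) errors.push('control-character');
  // Printable ASCII that is neither a letter nor a digit (space, &, <, _ ...).
  if (/[\x20-\x2F\x3A-\x40\x5B-\x60\x7B-\x7E]/.test(name)) errors.push('non-alphanumeric');
  // Compare against every existing name under the same folding.
  const taken = new Set(existingNames.map(collisionKey));
  if (taken.has(collisionKey(name))) errors.push('too-similar');
  return errors;
}

// Constructed sample data: legacy accounts of the kinds the thread mentions.
const existing = ['rcsheets', 'Jane Doe', 'old_timer'];
for (const candidate of ['Rcsheets', 'janedoe', 'a&b<c', '12345', 'newuser']) {
  console.log(JSON.stringify(candidate), validateUsername(candidate, existing));
}
```

Visually confusable characters are not handled here; the collision key only folds case, Unicode compatibility forms, spaces and underscores.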