Re: [Trac Hacks - Plugins Macros etc.] #10397: Don't allow username with all capital letters
22 views
Skip to first unread message
Steffen Hoffmann
Oct 1, 2012, 2:26:33 PM10/1/12
to trac-...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I redirect the following question to a broader audience and better
visibility than within trac-hacks.org's ticket system.
On 01.10.2012 12:07, Trac Hacks - Plugins Macros etc. wrote:
> #10397: Don't allow username with all capital letters
> --------------------------------+-------------------------------------------
> Reporter: adeel.asghar@... | Owner: hasienda
> Type: defect | Status: new
> Priority: highest | Component: AccountManagerPlugin
> Severity: blocker | Keywords:
> Release: 0.12 |
> --------------------------------+-------------------------------------------
> I have installed TracAccountManager 0.4dev-r12000. This allows users to
> register with a username that can have all capital letters. Is there a way
> to stop this? Later I want to set permissions on the users but i can't set
> them if the username is all capital letters.
>
The current default configuration is like that, yes. Your requirement
could still be fulfilled with this plugin even by different
configurations (hinting just on important configuration pieces here):
1. setting `ignore_auth_case`, so that any (new) username will be
forced to all-lower-case, on registration time as well on login time
{{{
#!ini
[trac]
ignore_auth_case = true
}}}
2. using the !RegExpCheck (new registration procedure for acct_mgr-0.4)
with a suitable regular expression to prevent all-uppercase words
{{{
#!ini
[account-manager]
register_check = BasicCheck, EmailCheck, RegExpCheck, UsernamePerm
username_regexp = ^.*[a-z]{1:}.*$
}}}
* Note 1: line-wraps may happen due to email-limitation, use only one
line per option
* Note 2: any valid Python regular expression is accepted
* Note 3: test your custom expression, i.e. with an online checker like
http://www.regexplanet.com/advanced/python/index.html
* Note 4: see more complete configuration examples, that focus on
different password stores on the configuration cookbook page at
http://trac-hacks.org/wiki/CookBook/AccountManagerPluginConfiguration
== Conclusion ==
Because the first way won't allow any upper-case character at all
the latter might be the preferred way. The RegExpCheck is included since
acct_mgr-0.4dev-r11960, so it's already available for you.
Steffen Hoffmann
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAlBp4FQACgkQ31DJeiZFuHdU8ACfcAGrt9LESaDOWL0bNourC2Ce
5b4An17kj+udMALVkBvN5KKGP+kDJlvQ
=pkum
-----END PGP SIGNATURE-----
Hash: SHA1
I redirect the following question to a broader audience and better
visibility than within trac-hacks.org's ticket system.
On 01.10.2012 12:07, Trac Hacks - Plugins Macros etc. wrote:
> #10397: Don't allow username with all capital letters
> --------------------------------+-------------------------------------------
> Reporter: adeel.asghar@... | Owner: hasienda
> Type: defect | Status: new
> Priority: highest | Component: AccountManagerPlugin
> Severity: blocker | Keywords:
> Release: 0.12 |
> --------------------------------+-------------------------------------------
> I have installed TracAccountManager 0.4dev-r12000. This allows users to
> register with a username that can have all capital letters. Is there a way
> to stop this? Later I want to set permissions on the users but i can't set
> them if the username is all capital letters.
>
The current default configuration is like that, yes. Your requirement
could still be fulfilled with this plugin even by different
configurations (hinting just on important configuration pieces here):
1. setting `ignore_auth_case`, so that any (new) username will be
forced to all-lower-case, on registration time as well on login time
{{{
#!ini
[trac]
ignore_auth_case = true
}}}
2. using the !RegExpCheck (new registration procedure for acct_mgr-0.4)
with a suitable regular expression to prevent all-uppercase words
{{{
#!ini
[account-manager]
register_check = BasicCheck, EmailCheck, RegExpCheck, UsernamePerm
username_regexp = ^.*[a-z]{1:}.*$
}}}
* Note 1: line-wraps may happen due to email-limitation, use only one
line per option
* Note 2: any valid Python regular expression is accepted
* Note 3: test your custom expression, i.e. with an online checker like
http://www.regexplanet.com/advanced/python/index.html
* Note 4: see more complete configuration examples, that focus on
different password stores on the configuration cookbook page at
http://trac-hacks.org/wiki/CookBook/AccountManagerPluginConfiguration
== Conclusion ==
Because the first way won't allow any upper-case character at all
the latter might be the preferred way. The RegExpCheck is included since
acct_mgr-0.4dev-r11960, so it's already available for you.
Steffen Hoffmann
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAlBp4FQACgkQ31DJeiZFuHdU8ACfcAGrt9LESaDOWL0bNourC2Ce
5b4An17kj+udMALVkBvN5KKGP+kDJlvQ
=pkum
-----END PGP SIGNATURE-----
RjOllos
Oct 1, 2012, 3:04:55 PM10/1/12
to trac-...@googlegroups.com
On Monday, October 1, 2012 11:27:05 AM UTC-7, hasienda wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[...]
The current default configuration is like that, yes. Your requirement
could still be fulfilled with this plugin even by different
configurations (hinting just on important configuration pieces here):
[...]
Given Trac's insistence that all-uppercase names be reserved for permissions (1), I'm +1 for having AccountManager reject all-uppercase usernames by default. In fact, I'm not even sure this is worth having a configuration option for. Perhaps the default and only behavior should be for AccountManager to prevent all upper-case usernames. Is there a use-case allowing otherwise?
(1) TracPermissions#GraphicalAdminTab
Steffen Hoffmann
Oct 1, 2012, 3:59:55 PM10/1/12
to trac-...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hash: SHA1
On 01.10.2012 21:04, RjOllos wrote:
> In fact, I'm not even sure this is worth having a configuration option
> for. Perhaps the default and only behavior should be for AccountManager
> to prevent all upper-case usernames.
I was already thinking similarly. So you won. :-) Too easy ton not fix
> In fact, I'm not even sure this is worth having a configuration option
> for. Perhaps the default and only behavior should be for AccountManager
> to prevent all upper-case usernames.
it right-away. Thanks for taking care to respond.
Steffen Hoffmann
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
GsUAoMO9dRgdFJZv9gJAQE4cAs8/r/p2
=L9Fm
-----END PGP SIGNATURE-----
Reply all
Reply to author
Forward
0 new messages