Re: [Trac Hacks - Plugins Macros etc.] #10397: Don't allow username with all capital letters

Showing 1-3 of 3 messages
Re: [Trac Hacks - Plugins Macros etc.] #10397: Don't allow username with all capital letters hasienda 10/1/12 11:27 AM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I redirect the following question to a broader audience and better
visibility than within trac-hacks.org's ticket system.

On 01.10.2012 12:07, Trac Hacks - Plugins Macros etc. wrote:
> #10397: Don't allow username with all capital letters
> --------------------------------+-------------------------------------------
> Reporter:  adeel.asghar@...  |       Owner:  hasienda            
>     Type:  defect               |      Status:  new                
> Priority:  highest              |   Component:  AccountManagerPlugin
> Severity:  blocker              |    Keywords:                      
>  Release:  0.12                 |  
> --------------------------------+-------------------------------------------
>  I have installed TracAccountManager 0.4dev-r12000. This allows users to
>  register with a username that can have all capital letters. Is there a way
>  to stop this? Later I want to set permissions on the users but i can't set
>  them if the username is all capital letters.
>

The current default configuration is like that, yes. Your requirement
could still be fulfilled with this plugin even by different
configurations (hinting just on important configuration pieces here):

 1. setting `ignore_auth_case`, so that any (new) username will be
forced to all-lower-case, on registration time as well on login time
{{{
#!ini

[trac]
ignore_auth_case = true

}}}
 2. using the !RegExpCheck (new registration procedure for acct_mgr-0.4)
with a suitable regular expression to prevent all-uppercase words
{{{
#!ini

[account-manager]
register_check = BasicCheck, EmailCheck, RegExpCheck, UsernamePerm
username_regexp = ^.*[a-z]{1:}.*$

}}}

 * Note 1: line-wraps may happen due to email-limitation, use only one
line per option
 * Note 2: any valid Python regular expression is accepted
 * Note 3: test your custom expression, i.e. with an online checker like
 http://www.regexplanet.com/advanced/python/index.html
 * Note 4: see more complete configuration examples, that focus on
different password stores on the configuration cookbook page at
 http://trac-hacks.org/wiki/CookBook/AccountManagerPluginConfiguration


== Conclusion ==

Because the first way won't allow any upper-case character at all
the latter might be the preferred way. The RegExpCheck is included since
acct_mgr-0.4dev-r11960, so it's already available for you.


Steffen Hoffmann
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAlBp4FQACgkQ31DJeiZFuHdU8ACfcAGrt9LESaDOWL0bNourC2Ce
5b4An17kj+udMALVkBvN5KKGP+kDJlvQ
=pkum
-----END PGP SIGNATURE-----
Re: [Trac Hacks - Plugins Macros etc.] #10397: Don't allow username with all capital letters RjOllos 10/1/12 12:04 PM


On Monday, October 1, 2012 11:27:05 AM UTC-7, hasienda wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[...]
 
The current default configuration is like that, yes. Your requirement
could still be fulfilled with this plugin even by different
configurations (hinting just on important configuration pieces here):

[...]

Given Trac's insistence that all-uppercase names be reserved for permissions (1), I'm +1 for having AccountManager reject all-uppercase usernames by default. In fact, I'm not even sure this is worth having a configuration option for. Perhaps the default and only behavior should be for AccountManager to prevent all upper-case usernames. Is there a use-case allowing otherwise?

(1) TracPermissions#GraphicalAdminTab 

Re: [Trac] Re: [Trac Hacks - Plugins Macros etc.] #10397: Don't allow username with all capital letters hasienda 10/1/12 1:00 PM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01.10.2012 21:04, RjOllos wrote:
> In fact, I'm not even sure this is worth having a configuration option
> for. Perhaps the default and only behavior should be for AccountManager
> to prevent all upper-case usernames.

I was already thinking similarly. So you won. :-) Too easy ton not fix
it right-away. Thanks for taking care to respond.

Steffen Hoffmann
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAlBp9jkACgkQ31DJeiZFuHfOFQCfecyeIGH4uUR8olvL+C2fcdi0
GsUAoMO9dRgdFJZv9gJAQE4cAs8/r/p2
=L9Fm
-----END PGP SIGNATURE-----