View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0008170 | Taler | libeufin-bank-ui (SPA) | public | 2024-01-21 19:32 | 2024-04-15 21:33 |
| Reporter | Christian Grothoff | Assigned To | Antoine A | ||
| Priority | normal | Severity | tweak | Reproducibility | N/A |
| Status | closed | Resolution | fixed | ||
| Platform | i7 | OS | Debian GNU/Linux | OS Version | squeeze |
| Product Version | git (master) | ||||
| Target Version | 0.10 | Fixed in Version | 0.10 | ||
| Summary | 0008170: Username character set restrictions? | ||||
| Description | When creating a bank account, the SPA seems to allow any username (I tried spaces, %, -, ~ -- anything goes, it seems). However, I suspect that libeufin-bank does or maybe should impose restrictions on the username, especially as it is used in URLs. So we should decide & document those restrictions (if they are not yet!), and the SPA should already enforce the restrictions when the user name is entered by the admin. Unless you're sure that truly anything goes... | ||||
| Tags | No tags attached. | ||||
| child of | 0008365 | closed | Christian Grothoff | package and upload libeufin 0.10 to ftp and stable Debian/Ubuntu server |
|
|
Not sure who of the two of you should start on with this, depends a bit on what exactly the issue is. I just suspect there is one ;-). |
|
|
let's first define from server side which charset are allowed for the username, also for password. when you have that regex for both, assign that to me and I will implement it in the SPA to prevent a request that we know it will fail. PD: if you also have any other restriction for other field like "full name" please include it |
|
|
I'd just use the legal characters that don't require escaping in URLs, minus the separators "/?&#". That way, we can be sure that we can safely use the username in any access path (/accounts/$USERNAME/something) without causing problems or requiring escaping. WDYT? As for the full name, I'd probably just go for full UTF-8. |
|
|
ok, i will restrict to ALPHA DIGIT "-" / "." / "_" / "~" based on https://datatracker.ietf.org/doc/html/rfc3986#section-2.3 |
|
|
0b8b9950d..113f6614c |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2024-01-21 19:32 | Christian Grothoff | New Issue | |
| 2024-01-21 19:32 | Christian Grothoff | Status | new => assigned |
| 2024-01-21 19:32 | Christian Grothoff | Assigned To | => sebasjm |
| 2024-01-21 19:33 | Christian Grothoff | Note Added: 0020946 | |
| 2024-02-10 00:24 | Christian Grothoff | Relationship added | child of 0008365 |
| 2024-03-11 19:31 | sebasjm | Assigned To | sebasjm => Antoine A |
| 2024-03-11 19:31 | sebasjm | Status | assigned => feedback |
| 2024-03-11 19:31 | sebasjm | Note Added: 0021842 | |
| 2024-03-11 19:35 | Christian Grothoff | Note Added: 0021843 | |
| 2024-03-11 19:35 | Christian Grothoff | Status | feedback => assigned |
| 2024-03-11 19:46 | sebasjm | Note Added: 0021845 | |
| 2024-03-12 13:02 | sebasjm | Status | assigned => resolved |
| 2024-03-12 13:02 | sebasjm | Resolution | open => fixed |
| 2024-03-12 13:02 | sebasjm | Note Added: 0021860 | |
| 2024-03-12 13:44 | Christian Grothoff | Fixed in Version | => 0.10 |
| 2024-04-15 21:33 | Christian Grothoff | Status | resolved => closed |
