username allowed characters

Mads Kiilerich mads at kiilerich.com
Tue Feb 21 14:25:10 UTC 2023 

Hi

Thank you.

But ...

Kallithea generally tries to keep logins and emails unambiguous and in 
different namespaces. It is arguably a bug if Kallithea allows LDAP to 
use email addresses as usernames.

The assumption is probably not entirely enforced, but it and the 
consequences show up for example in get_by_username_or_email .

If allowing @ in usernames, it should perhaps be enforced that it only 
is allowed if it matches the email ... but that seems like a hack that 
would be hard to enforce and not really feasible.

But it is already generally possible to login with email instead of 
username. Perhaps that doesn't work with LDAP? Can you set attr_login to 
point at the email attribute? Or does that have other bad consequences? 
Something that could be fixed instead?

/Mads


On 21/02/2023 12:03, svhb at telenet.be wrote:
> Hello,
>
> I'm using LDAP to authenticate users to our system. Out IT-dept 
> hammers on the fact that we need to use the email-address of users to 
> login.
>
> The login works ok, but when I want to change the settings for a 
> certain user, it complains about a '@' in the user name.A simple patch 
> during docker build solved this issue.
>
> Since email addresses are used regularly for logging in, maybe this 
> can be also in the next version of Kallithea.
>
>
> Simply said : just adding @ to the regexp for username does the job.
>
> --- validators.py    2023-02-21 10:25:27.657212999 +0000
> +++ validators_new.py    2023-02-21 10:26:40.560218089 +0000
> @@ -92,7 +92,7 @@
>                      msg = self.message('username_exists', state, 
> username=value)
>                      raise formencode.Invalid(msg, value, state)
>
> -            if re.match(r'^[a-zA-Z0-9\_]{1}[a-zA-Z0-9\-\_\.]*$', 
> value) is None:
> +            if re.match(r'^[a-zA-Z0-9\_]{1}[a-zA-Z0-9\-\_\.@]*$', 
> value) is None:
>                  msg = self.message('invalid_username', state)
>                  raise formencode.Invalid(msg, value, state)
>      return _validator
>
> Cheers,
> Stefaan
>
>
> BTW : this is the best package I encountered since bitbucket stopped 
> with Hg.
>
>
> _______________________________________________
> kallithea-general mailing list
> kallithea-general at sfconservancy.org
> https://lists.sfconservancy.org/mailman/listinfo/kallithea-general

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sfconservancy.org/pipermail/kallithea-general/attachments/20230221/f6ceea68/attachment.html>

More information about the kallithea-general mailing list