Access rules can constrain the characters allowed for usernames or they can exclude certain patterns.
Still, when somebody applies for a new account, she is not being adequately informed about the changed rules.
He is shown "Spaces are allowed; punctuation is not allowed except for periods, hyphens, and underscores." (at least after #131493 has been committed.)

Example 1: Blocked username

Access rule:

  • deny username 'blof'.

On registration: The username 'blof' is refused with the error message "The name Blof has been denied access."

Commentary: As this username has been specifically blocked, it makes no sense to inform the user about that access rule before he enters the name. Moreover we don't want to expose usernames that have been specifically blocked to everybody. So that is okay.

Not okay is the error message "... has been denied access". This is confusing as this is a registration and not access.
The message should either read "Blof is no valid username. Please choose another username." or (to cloud specific access rules) "The username Blof is already taken. Please choose another username."

Example 2: Blocked pattern

Access rule:

  • deny username '%admin%'.

On registration: The username 'Administrator' is refused with the error message "The name Administrator has been denied access."

Commentary: To inform the user about blocked patterns before he enters the name would result in a too long description text. Moreover we might not want to expose blocked patterns to everybody. So that is okay.

Not okay is the error message "... has been denied access". This is confusing as this is a registration and not access.
The message should either read "Administrator is no valid username. Please choose another username." or (to cloud specific access rules) "The username Administrator is already taken. Please choose another username."

Example 3: Blocked characters

Access rules:

  • deny username '%ä%'.
  • deny username '%ö%'.
  • deny username '%ü%'.
  • deny username '%ß%'.

On registration: The username 'Gerhard Schröder' is refused with the error message "The name Gerhard Schröder has been denied access."

Commentary: If some character is blocked, the user should be informed before he enters the name. So the field description should read like "Characters 'äöüß' are not allowed. Spaces are allowed. Punctuation is not allowed except for periods, hyphens, and underscores."

If this rule is ignored by the registrant, he should be informed by the error message "The username contains an illegal character", just as if he had entered a '#' or a '%' for example. Even better, if the message would be more detailed: "The username contains the illegal character 'ö'".

Example 4: Blocked spaces

Access rule:

  • deny username '% %'.

On registration: The username 'Dries Buytaert' is refused with the error message "The name Dries Buytaert has been denied access."

Commentary: Similar to example 3. The field description should read "Spaces are not allowed. Punctuation is not allowed except for periods, hyphens, and underscores."

If this rule is ignored by the registrant, the error message "Spaces are not allowed in usernames" should be thrown.

Solution?

I think all of this should be solvable within the given D6-timeframe and without too large changes. I'd just like to collect some opinions on this before creating a patch.
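The message scheme proposed in the post above, as an added sketch (not part of the original issue, and not Drupal or User Restrictions code): single-character rules are disclosed in the field description and named in the error, while exact-name and pattern rules only ever produce the generic message, so the rule itself is not exposed. The function names, the combined rule list, and the assumption that `%` is the only wildcard and matching is case-insensitive are hypothetical.

```python
import re

# Constructed rule set combining the four examples from the post.
DENY_RULES = ["blof", "%admin%", "%ä%", "%ö%", "%ü%", "%ß%", "% %"]


def like_to_regex(mask):
    """Translate a mask where '%' matches any run of characters (assumed semantics)."""
    parts = (re.escape(p) for p in mask.split("%"))
    return re.compile(".*".join(parts), re.IGNORECASE | re.DOTALL)


def blocked_character(mask):
    """Return the character if the mask has the form '%X%', else None."""
    if len(mask) == 3 and mask[0] == "%" and mask[2] == "%" and mask[1] != "%":
        return mask[1]
    return None


def field_description(rules):
    """Build the help text shown before input; only character rules are disclosed."""
    chars = [c for c in map(blocked_character, rules) if c]
    parts = []
    letters = "".join(c for c in chars if c != " ")
    if letters:
        parts.append(f"Characters '{letters}' are not allowed.")
    parts.append("Spaces are not allowed." if " " in chars else "Spaces are allowed.")
    parts.append("Punctuation is not allowed except for periods, hyphens, and underscores.")
    return " ".join(parts)


def check_username(name, rules):
    """Return None if the name is allowed, else the registration error message."""
    generic = None
    for mask in rules:
        if not like_to_regex(mask).fullmatch(name):
            continue
        char = blocked_character(mask)
        if char == " ":
            return "Spaces are not allowed in usernames"
        if char:
            return f"The username contains the illegal character '{char}'"
        # Exact-name or pattern rule: keep looking for a character rule,
        # otherwise fall back to a message that does not reveal the rule.
        generic = f"{name} is no valid username. Please choose another username."
    return generic
```
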

Comments

pancho’s picture

Title: Access rules not communicated on registration » string freeze: Access rules not communicated on registration

keith.smith’s picture

Version: 6.x-dev » 7.x-dev

To quote Gábor from http://lists.drupal.org/pipermail/development/2007-December/027977.html: "RC1 is string freeze, so whatever needs modifications in the strings is generally postponed to Drupal 7."

catch’s picture

Title: string freeze: Access rules not communicated on registration » User restriction rules not communicated on registration
Project: Drupal core » User Restrictions
Version: 7.x-dev »
Component: user system » Code

This is mine now, mwahahaha.

Anonymous’s picture

Drupal 7 is more restrictive about the username; it doesn't allow users to use two or more spaces in a row, for example, or to use a space at the beginning or at the end of the username. The description given for the username field is still "Spaces are allowed; punctuation is not allowed except for periods, hyphens, apostrophes, and underscores."

The module could probably use some predefined rules, for which it can report a more detailed error message. For example, it could verify if the username doesn't contain numbers, and report to the user the error message "The user name must contain at least X numbers."
This would not be in contrast with what is reported in the registration form, which suggests that the user use uppercase letters, numbers, and punctuation characters without saying how many of them should be used.

Anonymous’s picture

Title: User restriction rules not communicated on registration » Change the error message shown when a username is not allowed from the restriction rules
Category: bug » task

I am changing the title to reflect what the current task is.

Anonymous’s picture

Assigned: Unassigned »
Status: Active » Fixed

The code has been changed, and committed in CVS.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

  • Commit a73b444 on 7.x-1.x, 8.x-1.x by kiam:
    By kiam: Changed the code as per #200789, #849998, and #268405.