Problem/Motivation

OpenID connect doesn't check username on violations. Eg. a username should not contain a comma but those characters aren't checked / replaced.

Steps to reproduce

1. Setup an openID generic
2. Make sure the returned username is something like 'Lastname, Firstname'
3. Login with this account using SSO.
4. The user account is correctly created and username is filled in with the Lastname, firstname format
5. Try to edit the account.

The system will give you an error: "The username contains an illegal character."

Proposed resolution

Use the preg match replace option to remove any invalid character from the username

CommentFileSizeAuthor
#3 3294141-3.patch839 bytesjeroent
#2 openid_connect-invalid_username_character-3294141-2.patch470 byteskevinvb

Comments

KevinVb created an issue. See original summary.

kevinvb’s picture

kevinvb commented
Status: Active » Needs review
StatusFileSize
new openid_connect-invalid_username_character-3294141-2.patch470 bytes

Provided a small patch which uses the pattern from the UserNameConstraintValidator.
Suggestions are welcome.

jeroent’s picture

jeroent
Primary language Dutch
Location 🇧🇪
commented
StatusFileSize
new 3294141-3.patch839 bytes

Another check that doesn't happen is the username length.

The external login provider I use, uses usernames longer that 60 characters, which results in a fatal error.

sanduhrs’s picture

sanduhrs
he/him
Primary language German
Location 🇪🇺 Heidelberg, Germany, Europe
commented
Status: Needs review » Closed (duplicate)

Closing this as a duplicate of #3252021: Truncate username if it is greater than 60 characters.