Habitica: login usernames can include spaces at the end - adjust API's login route to prevent that

Created on 26 Jun 2016 · 8Comments · Source: HabitRPG/habitica

It's possible to register for Habitica with a login name that has a space at the end and this space is saved in the database as part of the login name.

This means that you can't log in unless you realise that the space was added and enter it along with the rest of your login name.

You can't register like that on the website (I've just tested and the space is removed) so I'm guessing that it's happening on one of the mobile apps, and it might also happen with third-party applications that allow registrations.

I suggest that the API's user/auth/local/register route be adjusted so that it removes any leading and trailing whitespace on any of the input parameters before it creates the account. Note that internal whitespace on login names should NOT be removed.

I'll leave this open for a day and if there's no complaints or better ideas, I'll mark it as help welcome.

medium LogiStatics status in progress

Source

Alys

👍1

Most helpful comment

This should be edited to permit only letters, numbers, hyphens and dashes for new users. Old users are grandfathered

paglias on 20 Aug 2016

👍2

All 8 comments

It should be enough to add trim:true to the username field. I remember we tries to do it but it caused problems because there are duplicates like "username" and "username "

paglias on 26 Jun 2016

We shouldn't try to change it for existing users, both because of the duplicates and perhaps some users are used to the space being there.

However for all new user registrations, I think it's best that leading and trailing spaces are removed.

Alys on 26 Jun 2016

👍1

Is it ok if I work on this?