Mattermost-server: Add a config.json setting for minimum username length

Created on 25 Apr 2019 · 35Comments · Source: mattermost/mattermost-server

If you're interested please comment here and come join our "Contributors" community channel on our daily build server, where you can discuss questions with community members and the Mattermost core team. For technical advice or questions, please join our "Developers" community channel.

New contributors please see our Developer's Guide.

Notes: Jira ticket

Context: We require usernames to be 3 characters or more because MySQL doesn't support searching for shorter strings by default. Postgres supports them by default and MySQL can be configured to support them, so we could add a config.json setting that the SysAdmin can change in those cases. This would be similar to the Minimum Hashtag Length setting added in Mattermost 5.10.

Use Cases:

For CJK teams, 2 letter words are common.
Teams use an email/password login where usernames of their team are the user's initials, which can be 1 or 2 characters long.

Community Requests:

Details

1) A MinimumUsernameLength setting added to the config.json, part of the ServiceSettings section.
2) An entry in the System Console to change that setting, added under Site Configuration > Users and Teams, below Teammate Name Display.

Minimum Username Length [ 3 ]
Help Text: "Minimum number of characters in a username. MySQL databases must be configured to support searching strings shorter than three characters, see documentation."

Mattermost docs: https://docs.mattermost.com/install/requirements.html?highlight=ft_min_word_len#database-software
MySQL docs: https://dev.mysql.com/doc/refman/8.0/en/fulltext-fine-tuning.html

3) The USER_NAME_MIN_LENGTH constant should be removed and this setting should be used in its place.

4) Complete coverage through automated unit tests added - given username search occurs throughout the UI, we want to make sure we have adequate testing coverage for it without increasing release testing Mana.

5) Testing across PostgreSQL, MySQL and Elasticsearch.

Notes:

To start the work for this issue, you can take a look at these PRs where @carmo-evan had started the work:

mattermost-server: https://github.com/mattermost/mattermost-server/pull/11028
mattermost-webapp: https://github.com/mattermost/mattermost-webapp/pull/2895

AreEnd User Feature Medium Help Wanted TecGo TecReactJS Up For Grabs

Source

esethna

👍1

Most helpful comment

Hey again - I'm taking a 1 week break on this ticket ending Mar 25th. I'll be back next week to check in!

mrjones-plip on 18 Mar 2020

👍3

All 35 comments

I'd like to do this one.

carmo-evan on 31 May 2019

Thanks @carmo-evan!

hanzei on 2 Jun 2019

Hey @carmo-evan - I think you may not be working on this issue anymore so I added Up For Grabs label back - if you are, let us know! :)

jasonblais on 26 Jun 2019

Sorry! I forgot you had PRs submitted 🙏

jasonblais on 26 Jun 2019

I apologize, but the PR is outdated and I currently don't have the capacity to finalize this.

carmo-evan on 9 Jul 2019

@carmo-evan no worries, thanks for the heads up! I've referenced your PRs in the help wanted issue and added Up For Grabs label back. If you'd like, you may close the PRs you opened

jasonblais on 9 Jul 2019

@jasonblais Can I own this up?

RajatVaryani on 12 Jul 2019

@RajatVaryani certainly, thank you!

jasonblais on 12 Jul 2019

@jasonblais I did not get the chance to work on this. A PR will be raised pretty soon.

RajatVaryani on 3 Aug 2019

@RajatVaryani Thanks for the heads up, looking forward to reviewing the PR! Appreciate your help with this :)

jasonblais on 3 Aug 2019

Hello. Can we please correct the name of the constant to be USER_NAME_MIN_LENGTH in the issue as well as in the jira ticket?

RajatVaryani on 10 Aug 2019

@RajatVaryani Thanks! I have corrected it

jasonblais on 10 Aug 2019

As first step of the story I am making changes on server side. To do so I have to remove USER_NAME_MIN_LENGTH constant from mattermost/mattermost-server/model/user.go. There's a method as well IsValidUsername which uses this constant. I somehow have to fetch the value from config. As the method is in the model package I am unable to do so. Can someone help me with a workaround for this? I am thinking of injecting the config value as a parameter to the method.

RajatVaryani on 16 Aug 2019

@RajatVaryani would the original PR submitted by a community member be helpful for this case? https://github.com/mattermost/mattermost-server/pull/11028

jasonblais on 16 Aug 2019

@jasonblais I think that is not correctly implemented or my assumptions are incorrect. The method to validate the username is used across many places like importing bulk data of users, while creation of users, Creating and updating incoming webhook for channel. etc. So this config check must be implemented across all these places right? To do so we need to modify the existing method or create a new one and call it from all these places. Please correct me If my assumption is incorrect.

RajatVaryani on 17 Aug 2019

@mgdelacroix @hmhealey wondering if you had thoughts on the above note from @RajatVaryani?

jasonblais on 18 Aug 2019

Yeah, we'll likely need to modify or use a new function everywhere that it's used since the current version doesn't have access to the server's config.

I agree that we'll probably need to replace the existing function everywhere that it's called. The easiest way to do that would be to add an app.isValidUsername method like in the previous PR and call it everywhere, but that only works if we're only checking this as part of the app package. Adding a parameter to the existing function would also work since it's like the sanitize that many of the types in the model package have

hmhealey on 19 Aug 2019

@hmhealey Let me do the changes and raise the PR. Thanks.

RajatVaryani on 20 Aug 2019

Not able to contribute to it. Please release the issue.

RajatVaryani on 29 Sep 2019

Thanks for the update @RajatVaryani. Making this available to the public again.

hanzei on 30 Sep 2019

I'd like to take up this issue.

rfoyard on 8 Oct 2019

Great, thanks @rfoyard! :tada:

jasonblais on 8 Oct 2019

Yeah, we'll likely need to modify or use a new function everywhere that it's used since the current version doesn't have access to the server's config.

I agree that we'll probably need to replace the existing function everywhere that it's called. The easiest way to do that would be to add an app.isValidUsername method like in the previous PR and call it everywhere, but that only works if we're only checking this as part of the app package. Adding a parameter to the existing function would also work since it's like the sanitize that many of the types in the model package have

The IsValidUsername function is called in multiple places where an App object is available so we could add a configuration parameter to the function.

But It's also called by CleanUsername, used in GitLabProvider.GetUserFromJson. In order to pass the new parameter we would need to change the OauthProvider interface. Wouldn't this introduce a breaking change (is it used by external plugins, ...) ?

Another issue is that IsValidUsername is called by user's IsValid method, used in SqlUserStore.SaveandSqlUserStore.Update`. Adding a configuration parameter to the store methods would not be ideal in my opinion. Maybe we could pass a validation function instead ?

What are your thoughts on this ?

rfoyard on 8 Oct 2019

👍1

@hmhealey You might be the best person to help with the above questions?

jasonblais on 8 Oct 2019

@rfoyard Did you get an answer to help you proceed?

jasonblais on 21 Dec 2019

Hi @jasonblais, I had no information to help me proceed.
I am working on another issue that takes me time, feel free to make this one available.

rfoyard on 21 Dec 2019

@rfoyard Thanks for letting me know. Let me touch base with the team and someone will get back to you.

jasonblais on 21 Dec 2019

regarding oauth provider api, it would be preferable not to change the API. I don't think it is used by plugins, but since I don't really know the plugin ecosystem so well, I can only guess. Anyways, if this is needed, then the API would need to change, and that only means that we should be extra-careful with it and make sure it is well communicated, it wouldn't mean that it would stop it.

Regarding config parameter vs function, I agree that is desirable to have a validation function passed to the store, so we can change it in the future without too much hassle.

Willyfrog on 23 Dec 2019

👍1

The OauthProvider is actually for use by the enterprise code (the e in the einterfaces package name stands for "enterprise"), so it would require someone on the core team to make some changes in that repo, but we can change that API whenever we want.

For the validation in the store, I think I'd need to see how passing a validation function would look since I'm not aware of anywhere else that we've done that. It sounds like a good idea in theory though.

hmhealey on 2 Jan 2020

👍1

Let's reduce technical debt! I'm looking to level up from my Difficulty/1:Easy tickets I've done to date: I'll take this one ;)

mrjones-plip on 2 Mar 2020

Yay, thanks @Ths2-9Y-LqJt6! Let us know if you have any questions as you work through this ticket :)

jasonblais on 3 Mar 2020

Still planning on working on this, but my other ticket which was almost done required me to learn how to write e2e cypress tests (fun \o/ !). I'll head over here when I'm done w/ that!

mrjones-plip on 12 Mar 2020

Thanks for the update @Ths2-9Y-LqJt6! Sounds good :)

jasonblais on 12 Mar 2020

Hey again - I'm taking a 1 week break on this ticket ending Mar 25th. I'll be back next week to check in!

mrjones-plip on 18 Mar 2020

👍3

Hey all - I'm no longer working on this so unassigning.

mrjones-plip on 1 Jul 2020

Was this page helpful?

0 / 5 - 0 ratings