Server: Allow plus (+) character in username

Created on 3 Jul 2018  路  10Comments  路  Source: nextcloud/server

Steps to reproduce

  1. Create user with username containing plus char

Expected behaviour

User should be created

Actual behaviour

An error message with text "Only the following characters are allowed in a username: "a-z", "A-Z", "0-9", and "_.@-'"" occured.

0. Needs triage enhancement users and groups
Source
picture skroczek
👎1

Most helpful comment

馃憥 No fan of adding strange characters there. It's not supposed to be a user facing value anyhow.

picture blizzz on 3 Jul 2018
👍2

All 10 comments

cc @blizzz @nickvergessen @rullzer Opinion on this?

MorrisJobke picture MorrisJobke on 3 Jul 2018

causes behaviour problems, because " " is replaced with "+" on urlencode, so we would need to change this everywhere with the full trail of problems.

nickvergessen picture nickvergessen on 3 Jul 2018

causes behaviour problems, because " " is replaced with "+" on urlencode, so we would need to change this everywhere with the full trail of problems.

Full ack.

MorrisJobke picture MorrisJobke on 3 Jul 2018

urlencode encodes " " as +, that's true. But it encodes '+' as '%2B', so I'm not sure if it would be such a big problem. A real problem exists, if you mix urldecode and rawurlencode. In this case, the already allowed white space leads to a problem:

<?php
// Result: [email protected]
echo rawurldecode(urlencode('foo [email protected]'));

All other combinations of rawurldecode and urlencode with '+' and ' ' are fine. And this problem already exists in the current code, so allowing the plus character is not that bad.

skroczek picture skroczek on 3 Jul 2018

馃憥 No fan of adding strange characters there. It's not supposed to be a user facing value anyhow.

blizzz picture blizzz on 3 Jul 2018
👍2

@blizzz I understand, that for commonly used usernames plus must sound as a strange character. But if you allow email addresses as usernames, what you are doing right now, it isn't. Even gmail allows + as a delimiter to tag mail addresses.
But I think it would actually be the best if the characters could be configured. However, I fear that it would take a much greater effort to implement this.

skroczek picture skroczek on 4 Jul 2018

But I think it would actually be the best if the characters could be configured.

No, that does not help at all. Apps need to know what they have to expect. So they would always have to implement for the biggest result set anyway. The thing is if we all of a sudden allow new characters that might cause undefined big problems for apps.

Counting all the Nops in here I see 4 so far, so I'm closing this for now.

nickvergessen picture nickvergessen on 4 Jul 2018
👍1

Well, that's a pity. Now I have to think about a workaround :thinking:. Maybe next time. :relaxed:

skroczek picture skroczek on 4 Jul 2018

Workaround: $uid = str_replace('+', '-', $uid); in the right place.
If you have 2 people with the same email just one using + and the other one - that's bad luck

nickvergessen picture nickvergessen on 4 Jul 2018

Some of my users really require this for google emails as user names ... maybe time to reconsider: https://github.com/owncloud/core/pull/36613

Escubaer picture Escubaer on 21 Feb 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

jancborchardt picture jancborchardt  路  3Comments
ghost picture ghost  路  3Comments
mfechner picture mfechner  路  3Comments
blackcrack picture blackcrack  路  3Comments
ChristophWurst picture ChristophWurst  路  3Comments