fix(auth): allow user username to be an email#5455
Open
CorneilleEdi wants to merge 3 commits intolitmuschaos:masterfrom
Pull request overview
Updates LitmusChaos username validation to allow email addresses as usernames (to align API user creation with Dex login behavior) and increases the maximum allowed username length.
Changes:
- Increase allowed username length from 16 to 256 in UI + backend validation.
- Update username validation to accept email addresses (and update related error/help text).
- Minor string/YAML formatting cleanup and a small whitespace-only change.
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 9 comments.
Show a summary per file
| File | Description |
|---|---|
| chaoscenter/web/src/views/CreateNewUser/CreateNewUser.tsx | Updates Create User form validation to allow up to 256 characters for username. |
| chaoscenter/web/src/utils/userDetails.ts | Removes a trailing blank line (format-only). |
| chaoscenter/web/src/strings/strings.en.yaml | Updates validation/help text and reformats some long strings. |
| chaoscenter/web/src/constants/validation.ts | Expands username regex to allow email-like inputs and longer usernames. |
| chaoscenter/authentication/pkg/utils/sanitizers.go | Updates backend username validator to allow emails and longer usernames. |
| chaoscenter/authentication/pkg/utils/errors.go | Updates strict-username error description text. |
| chaoscenter/authentication/api/handlers/doc.go | Updates Swagger error example text for strict-username violation. |
Comment on lines
+67
to
+84
| // Username must start with a letter or digit - ^[a-zA-Z0-9] | ||
| // Allow letters, digits, underscores, hyphens, dots and @ - [a-zA-Z0-9_@.-] | ||
| // Ensure the length of the username is between 3 and 256 characters (1 character is already matched above) - {2,255}$ or the username is a valid email. | ||
| func ValidateStrictUsername(username string) error { | ||
| // Ensure username doesn't contain special characters (only letters, numbers, and underscores are allowed) | ||
| if matched, _ := regexp.MatchString(`^[a-zA-Z][a-zA-Z0-9_-]{2,15}$`, username); !matched { | ||
| return fmt.Errorf("username can only contain letters, numbers, and underscores") | ||
| if len(username) < 3 { | ||
| return fmt.Errorf("username must be at least 3 characters long") | ||
| } | ||
| if len(username) > 256 { | ||
| return fmt.Errorf("username must be at most 256 characters long") | ||
| } | ||
|
|
||
| if _, err := mail.ParseAddress(username); err == nil { | ||
| return nil | ||
| } | ||
|
|
||
| plainUsernameRegex := regexp.MustCompile(`^[a-zA-Z][a-zA-Z0-9_-]{2,255}$`) | ||
| if !plainUsernameRegex.MatchString(username) { | ||
| return fmt.Errorf("username can only contain letters, numbers, underscores, and hyphens, must start with a letter, and be 3–256 characters long") |
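Review bot: `mail.ParseAddress` accepts the full RFC 5322 address syntax, so the early `return nil` lets through values such as `Name <a@b.c>` or an address followed by a comment, which carry spaces, quotes and angle brackets that a strict username check would be expected to reject. Require that the parsed address is the whole input: `if addr, err := mail.ParseAddress(username); err == nil && addr.Address == username { return nil }`. The doc comment above the function also describes a pattern (`^[a-zA-Z0-9]`, `[a-zA-Z0-9_@.-]`) that the code does not implement, since the plain-username branch still requires a leading letter and rejects `.` and `@`. The same lines are quoted again in the threads on lines 70–86 and +77 to +78, and the function body closes outside this excerpt.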
Comment on lines
70
to
86
| func ValidateStrictUsername(username string) error { | ||
| // Ensure username doesn't contain special characters (only letters, numbers, and underscores are allowed) | ||
| if matched, _ := regexp.MatchString(`^[a-zA-Z][a-zA-Z0-9_-]{2,15}$`, username); !matched { | ||
| return fmt.Errorf("username can only contain letters, numbers, and underscores") | ||
| if len(username) < 3 { | ||
| return fmt.Errorf("username must be at least 3 characters long") | ||
| } | ||
| if len(username) > 256 { | ||
| return fmt.Errorf("username must be at most 256 characters long") | ||
| } | ||
|
|
||
| if _, err := mail.ParseAddress(username); err == nil { | ||
| return nil | ||
| } | ||
|
|
||
| plainUsernameRegex := regexp.MustCompile(`^[a-zA-Z][a-zA-Z0-9_-]{2,255}$`) | ||
| if !plainUsernameRegex.MatchString(username) { | ||
| return fmt.Errorf("username can only contain letters, numbers, underscores, and hyphens, must start with a letter, and be 3–256 characters long") | ||
| } | ||
| return nil |
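Review bot: `regexp.MustCompile` runs on every call to `ValidateStrictUsername`; compile the pattern once at package scope, as `var plainUsernameRegex = regexp.MustCompile(...)` with the same pattern, and keep only the `MatchString` call in the function. Separately, `len(username)` counts bytes, so the 3 and 256 limits apply to the UTF-8 encoding rather than to characters; if non-ASCII e-mail local parts are meant to be accepted, state that in a comment or count with `utf8.RuneCountInString`. The closing brace of the function is outside the quoted lines.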
Comment on lines
+1
to
+6
| // (?=.{3,256}$) # Ensure the length of the username is between 3 and 256 characters. | ||
| // ^[a-zA-Z0-9] # Must start with a letter or digit. | ||
| // [a-zA-Z0-9_@.-]* # Allow letters, digits, underscores, at-sign, dots, and hyphens in the middle. | ||
| // [a-zA-Z0-9]$ # Must end with a letter or digit. | ||
| // This regex allows standard usernames and email addresses, but is stricter to avoid trailing special characters. | ||
| export const USERNAME_REGEX = /^(?=.{3,256}$)[a-zA-Z0-9][a-zA-Z0-9_@.-]*[a-zA-Z0-9]$/; |
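Review bot: `USERNAME_REGEX` does not accept the same set of names as the backend `ValidateStrictUsername` quoted earlier on this page, so the form and the API will disagree. The client pattern allows a leading digit and `.` or `@` anywhere in the middle (including two `@` signs), which the server rejects, and it rejects addresses whose local part uses characters such as `+`, which `mail.ParseAddress` accepts. The server check is the one that enforces the policy, so either derive the client rule from it or state in the comment above the constant that it is only a form-level hint. The comment also lists the lookahead before `^`, while the expression has `^` first.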
| .min(3, getString('fieldMinLength', { length: 3 })) | ||
| .max(16, getString('fieldMaxLength', { length: 16 })) | ||
| .max(256, getString('fieldMaxLength', { length: 256 })) | ||
| .matches(USERNAME_REGEX, getString('usernameValidText')), |
Comment on lines
+77
to
+78
|
|
||
| if _, err := mail.ParseAddress(username); err == nil { |
| ErrStrictPasswordPolicyViolation: "Please ensure the password is atleast 8 characters long and atmost 16 characters long and has atleast 1 digit, 1 lowercase alphabet, 1 uppercase alphabet and 1 special character", | ||
| ErrStrictUsernamePolicyViolation: "The username should be atleast 3 characters long and atmost 16 characters long.", | ||
| ErrStrictPasswordPolicyViolation: "Please ensure the password is at least 8 characters long and at most 16 characters long and has at least 1 digit, 1 lowercase alphabet, 1 uppercase alphabet and 1 special character", | ||
| ErrStrictUsernamePolicyViolation: "The username must be either a valid email address or a string of 3 to 256 characters starting and ending with an alphanumeric character and containing only '._-@' as special characters.", |
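Review bot: The new `ErrStrictUsernamePolicyViolation` text describes the front-end pattern rather than what `ValidateStrictUsername` enforces in this pull request. The non-e-mail branch of the validator requires a leading letter and allows only letters, digits, `_` and `-`, so a user who follows the message with a name that starts with a digit or contains `.` is still rejected. Align the message with the validator, for example `"The username must be a valid email address, or 3 to 256 characters starting with a letter and containing only letters, digits, '_' and '-'."`. The Swagger example string in `doc.go` repeats the same wording and needs the same change.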
| type ErrStrictUsernamePolicyViolation struct { | ||
| Code int `json:"code" example:"401"` | ||
| Message string `json:"message" example:"The username should be atleast 3 characters long and atmost 16 characters long."` | ||
| Message string `json:"message" example:"The username must be either a valid email address or a string of 3 to 256 characters starting and ending with an alphanumeric character and containing only '._-@' as special characters."` |
| No Environments found in this project, click on 'New Environment' to add | ||
| environments. | ||
| noEnvironmentFoundNewMessage: >- | ||
| An environment represents where you are installing your chaos infrastructure |
Comment on lines
+1181
to
+1182
| Username must be a valid email or 3–256 characters using only letters, digits, | ||
| underscores, and hyphens |
Contributor
|
@CorneilleEdi can you please check the comments from copilot |
Proposed changes
This PR addresses issue #5418.
username when creating a user via the API.
Types of changes
What types of changes does your code introduce to Litmus? Put an
x in the boxes that apply
Checklist