I had a couple of problems with CE's (very liberal!) login validation.
People were signing up with numeric usernames like 0099345. This
passed the rails validation but would choke when the user logged-in on
the over ridden user::find method. This find method is very useful in
that it allows you to find by either a username or id but, in the case
above, it interpreted the login as an id and couldn't find the user.
Anyway, to bring it all into line I made the following changes which
may be useful to others:
I changed the validation to:
validates_format_of :login, :with => /^[A-Za-z0][ A-Za-z0-9_-]+
$/
This means that logins must begin with a letter or 0 and they can
contain any number of letters, numbers, _ , - , or spaces. The old
validation allowed logins to begin with any number or any whitespace
characters. It also allowed whitespace characters such as TAB and
RETURN in the login.
I also made a small change to the find method in order to recognize
that numeric logins beginning with '0' are not ids:
# override activerecord's find to allow us to find by name or id
transparently
def self.find(*args)
logger.info args.first
if args.is_a?(Array) and args.first.is_a?(String) and
(args.first.index(/[a-zA-Z\-_]+/) or args.first.index('0') == 0 or
args.first.to_i.eql?(0) )
find_by_login_slug(args)
else
super
end
end
All these changes are in user.rb
Cheers,
--
Barry
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"CommunityEngine" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/communityengine?hl=en
-~----------~----~----~----~------~----~------~--~---
