Wouldn't the right thing be to return "204" since a user account with the ID "admin" does exist and that's what "user.exists" is designed to check? The "admin" account not being in the Solr index and user.exists.html currently relying on a Solr query seem like implementation details to me.
Best, Ray On 6/27/12 8:38 AM, Erik Froese wrote: > Hey all, > > We've recently found that creating a user with the name Admin causes > some bad stuff to happen, namely, you can't log in through the UX as > admin anymore. > I think it might be time to add some logic in order to prevent bad > usernames from being created in the system. > > Could we add this to the user.exists.html endpoint? > > /system/userManager/user.exists.html?userid=$username > > HTTP responses: > 204 (OK No Content): A User with that username (or case-variant) > exists on the system. > 404 (Not found): User name is valid and can be used to create a new > user authorizable. > ** 409 (Conflict): The user name is used or conflicts with internal > configuration (aka evil names regex or list) > > My hand it up to JIRA and implement this. It shouldn't take very long > to add a regex property to the LiteUserExistsServlet.java > > Erik > _______________________________________________ > oae-dev mailing list > [email protected] > http://collab.sakaiproject.org/mailman/listinfo/oae-dev > _______________________________________________ oae-dev mailing list [email protected] http://collab.sakaiproject.org/mailman/listinfo/oae-dev
