Hey Eric, The UI needs to get an OK back from the server to know that the username has been taken. If it returns an error code the username has not been taken and is up for grabs. If you can extend user.exists to check for a list of usernames that aren't allowed, like admin, that wouldn't require any change in the UI.
Something like - UI does request for username 'Admin' - Server checks if username is blacklisted, if it is return an 'OK' - If it isn't, checks if username is already taken, if it is return an 'OK' - Bert On 27 Jun 2012, at 16:40, Erik Froese wrote: > Would the 409 error code is enough to trigger the default error > behavior in the UX? > The same red X icon would probably suffice to let users know we don't > like their choice. > > e > > On Wed, Jun 27, 2012 at 11:38 AM, Erik Froese <[email protected]> wrote: >> Hey all, >> >> We've recently found that creating a user with the name Admin causes >> some bad stuff to happen, namely, you can't log in through the UX as >> admin anymore. >> I think it might be time to add some logic in order to prevent bad >> usernames from being created in the system. >> >> Could we add this to the user.exists.html endpoint? >> >> /system/userManager/user.exists.html?userid=$username >> >> HTTP responses: >> 204 (OK No Content): A User with that username (or case-variant) >> exists on the system. >> 404 (Not found): User name is valid and can be used to create a new >> user authorizable. >> ** 409 (Conflict): The user name is used or conflicts with internal >> configuration (aka evil names regex or list) >> >> My hand it up to JIRA and implement this. It shouldn't take very long >> to add a regex property to the LiteUserExistsServlet.java >> >> Erik > _______________________________________________ > oae-dev mailing list > [email protected] > http://collab.sakaiproject.org/mailman/listinfo/oae-dev
_______________________________________________ oae-dev mailing list [email protected] http://collab.sakaiproject.org/mailman/listinfo/oae-dev
