I'm fine with an extra 409 error code and an explanation as to why the username 
can't be chosen.
The UI will need to submit a patch together with yours to catch it and show an 
appropriate message.

- Bert

On 27 Jun 2012, at 17:00, Erik Froese wrote:

> What about something like "Administrator"? or "ViceProvost"?
> 
> 204 would suggest that an account exists by that username, which is not true.
> 404 would tell the UX to go ahead and submit that username for creation.
> 
> If other services start using this endpoint for other reasons we could
> be sending mixed messages.
> 409 seems clearer. "An error occurred because the name you submitted
> conflicts with the internal state of the system"
> 
> Erik
> 
> On Wed, Jun 27, 2012 at 11:53 AM, Bert Pareyn <[email protected]> wrote:
>> Hey Erik,
>> 
>> The UI needs to get an OK back from the server to know that the username has
>> been taken.
>> If it returns an error code the username has not been taken and is up for
>> grabs.
>> If you can extend user.exists to check for a list of usernames that aren't
>> allowed, like admin, that wouldn't require any change in the UI.
>> 
>> Something like
>> 
>> - UI does request for username 'Admin'
>> - Server checks if username is blacklisted, if it is return an 'OK'
>> - If it isn't, checks if username is already taken, if it is return an 'OK'
>> 
>> - Bert
>> 
>> On 27 Jun 2012, at 16:40, Erik Froese wrote:
>> 
>> Would the 409 error code be enough to trigger the default error
>> behavior in the UX?
>> The same red X icon would probably suffice to let users know we don't
>> like their choice.
>> 
>> e
>> 
>> On Wed, Jun 27, 2012 at 11:38 AM, Erik Froese <[email protected]> wrote:
>> 
>> Hey all,
>> 
>> We've recently found that creating a user with the name Admin causes
>> some bad stuff to happen, namely, you can't log in through the UX as
>> admin anymore.
>> I think it might be time to add some logic in order to prevent bad
>> usernames from being created in the system.
>> 
>> Could we add this to the user.exists.html endpoint?
>> 
>> /system/userManager/user.exists.html?userid=$username
>> 
>> HTTP responses:
>> 204 (OK No Content): A User with that username (or case-variant)
>> exists on the system.
>> 404 (Not found): User name is valid and can be used to create a new
>> user authorizable.
>> ** 409 (Conflict): The user name is used or conflicts with internal
>> configuration (aka evil names regex or list)
>> 
>> I'll hand it up to JIRA and implement this. It shouldn't take very long
>> to add a regex property to the LiteUserExistsServlet.java
>> 
>> Erik
>> 

_______________________________________________
oae-dev mailing list
[email protected]
http://collab.sakaiproject.org/mailman/listinfo/oae-dev
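
The 204/404/409 decision discussed in this thread, as an added example that is not part of the original messages and is not code from LiteUserExistsServlet.java. The class and method names, the reserved-name pattern, the NFKC/lower-case folding, checking the reserved list before the existence lookup, and the in-memory set standing in for the user store are all assumptions made for illustration.

```java
import java.text.Normalizer;
import java.util.Locale;
import java.util.Set;
import java.util.regex.Pattern;

// Hypothetical sketch of the username check; names and pattern are assumptions.
public class UserExistsCheck {
    static final int NO_CONTENT = 204; // username (or a case variant) already exists
    static final int NOT_FOUND = 404;  // username is free and may be created
    static final int CONFLICT = 409;   // username collides with a reserved name

    // Assumed reserved names, taken from the examples mentioned in the thread.
    static final Pattern RESERVED = Pattern.compile(
            "admin(istrator)?|viceprovost",
            Pattern.CASE_INSENSITIVE | Pattern.UNICODE_CASE);

    // Fold Unicode compatibility forms and case so look-alike variants compare equal.
    static String canonical(String userid) {
        return Normalizer.normalize(userid.trim(), Normalizer.Form.NFKC)
                .toLowerCase(Locale.ROOT);
    }

    // existingCanonical holds canonical ids of current users (stand-in for the user store).
    static int status(String userid, Set<String> existingCanonical) {
        String id = canonical(userid);
        if (RESERVED.matcher(id).matches()) {
            return CONFLICT; // checked first, so a reserved name never reports 404
        }
        return existingCanonical.contains(id) ? NO_CONTENT : NOT_FOUND;
    }

    public static void main(String[] args) {
        Set<String> users = Set.of("erik", "bert"); // constructed sample data
        String[] candidates = {
            "Admin", "ADMINISTRATOR", "ViceProvost",
            "\uFF21\uFF24\uFF2D\uFF29\uFF2E", // "ADMIN" in fullwidth letters
            "Erik", "newuser"
        };
        for (String candidate : candidates) {
            System.out.println(candidate + " -> " + status(candidate, users));
        }
    }
}
```

Because the UI only consults this endpoint before submitting, the same `status` check would also have to run in the user-creation path for the reserved list to hold against requests that skip the UI.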
