I'm with Ray on this one. If we assume that the user.exists service just tells us whether or not a username is available, then doing a 204 does seem to be pretty accurate and the existing red cross should be sufficient for that.
Given that the Sign Up page is almost never used in production, it doesn't seem like the best use of time to change the UI code to catch the other status code and display an additional warning. Hope that helps, Nicolaas On 27 Jun 2012, at 17:14, Ray Davis wrote: > Personally I'd prefer to see something like that specified and > prioritized as a new feature. But the specific bug you're talking > about > -- not being able to log into the "admin" account that currently > actually exists out of the box -- seems like a narrower problem, and a > 204 status does seem to describe the real situation. Anyway, I'll step > back now & let others express opinions. > > Best, > Ray > > On 6/27/12 9:00 AM, Erik Froese wrote: >> What about something like "Administrator"? or "ViceProvost"? >> >> 204 would suggest that an account exists by that username, which is >> not true. >> 404 would tell the UX to go ahead and submit that username for >> creation. >> >> If other services start using this endpoint for other reasons we >> could >> be sending mixed messages. >> 409 seems clearer. "An error occurred because the name you submitted >> conflicts with the internal state of the system" >> >> Erik >> >> On Wed, Jun 27, 2012 at 11:53 AM, Bert Pareyn >> <[email protected]> wrote: >>> Hey Eric, >>> >>> The UI needs to get an OK back from the server to know that the >>> username has >>> been taken. >>> If it returns an error code the username has not been taken and is >>> up for >>> grabs. >>> If you can extend user.exists to check for a list of usernames >>> that aren't >>> allowed, like admin, that wouldn't require any change in the UI. >>> >>> Something like >>> >>> - UI does request for username 'Admin' >>> - Server checks if username is blacklisted, if it is return an 'OK' >>> - If it isn't, checks if username is already taken, if it is >>> return an 'OK' >>> >>> - Bert >>> >>> On 27 Jun 2012, at 16:40, Erik Froese wrote: >>> >>> Would the 409 error code is enough to trigger the default error >>> behavior in the UX? >>> The same red X icon would probably suffice to let users know we >>> don't >>> like their choice. >>> >>> e >>> >>> On Wed, Jun 27, 2012 at 11:38 AM, Erik Froese >>> <[email protected]> wrote: >>> >>> Hey all, >>> >>> >>> We've recently found that creating a user with the name Admin causes >>> >>> some bad stuff to happen, namely, you can't log in through the UX as >>> >>> admin anymore. >>> >>> I think it might be time to add some logic in order to prevent bad >>> >>> usernames from being created in the system. >>> >>> >>> Could we add this to the user.exists.html endpoint? >>> >>> >>> /system/userManager/user.exists.html?userid=$username >>> >>> >>> HTTP responses: >>> >>> 204 (OK No Content): A User with that username (or case-variant) >>> >>> exists on the system. >>> >>> 404 (Not found): User name is valid and can be used to create a new >>> >>> user authorizable. >>> >>> ** 409 (Conflict): The user name is used or conflicts with internal >>> >>> configuration (aka evil names regex or list) >>> >>> >>> My hand it up to JIRA and implement this. It shouldn't take very >>> long >>> >>> to add a regex property to the LiteUserExistsServlet.java >>> >>> >>> Erik >>> >>> _______________________________________________ >>> >>> oae-dev mailing list >>> [email protected] >>> http://collab.sakaiproject.org/mailman/listinfo/oae-dev >>> >>> >> _______________________________________________ >> oae-dev mailing list >> [email protected] >> http://collab.sakaiproject.org/mailman/listinfo/oae-dev >> > > > _______________________________________________ > oae-dev mailing list > [email protected] > http://collab.sakaiproject.org/mailman/listinfo/oae-dev _______________________________________________ oae-dev mailing list [email protected] http://collab.sakaiproject.org/mailman/listinfo/oae-dev
