On Thu, Jun 28, 2012 at 5:36 AM, Nicolaas Matthijs <[email protected]> wrote: > I'm with Ray on this one. If we assume that the user.exists service > just tells us whether or not a username is available, then doing a 204 > does seem to be pretty accurate and the existing red cross should be > sufficient for that.
I agree that the red cross is sufficient. I don't like the idea of the same http code meaning different things though. > > Given that the Sign Up page is almost never used in production, it > doesn't seem like the best use of time to change the UI code to catch > the other status code and display an additional warning. We (rSmart) ue the register page in production. The UX patch was a one-liner. https://github.com/sakaiproject/3akai-ux/commit/b22d27912662bd8030b11a30d14aed9bf756af7b > > Hope that helps, > Nicolaas > > > > On 27 Jun 2012, at 17:14, Ray Davis wrote: > >> Personally I'd prefer to see something like that specified and >> prioritized as a new feature. But the specific bug you're talking >> about >> -- not being able to log into the "admin" account that currently >> actually exists out of the box -- seems like a narrower problem, and a >> 204 status does seem to describe the real situation. Anyway, I'll step >> back now & let others express opinions. >> >> Best, >> Ray >> >> On 6/27/12 9:00 AM, Erik Froese wrote: >>> What about something like "Administrator"? or "ViceProvost"? >>> >>> 204 would suggest that an account exists by that username, which is >>> not true. >>> 404 would tell the UX to go ahead and submit that username for >>> creation. >>> >>> If other services start using this endpoint for other reasons we >>> could >>> be sending mixed messages. >>> 409 seems clearer. "An error occurred because the name you submitted >>> conflicts with the internal state of the system" >>> >>> Erik >>> >>> On Wed, Jun 27, 2012 at 11:53 AM, Bert Pareyn >>> <[email protected]> wrote: >>>> Hey Eric, >>>> >>>> The UI needs to get an OK back from the server to know that the >>>> username has >>>> been taken. >>>> If it returns an error code the username has not been taken and is >>>> up for >>>> grabs. >>>> If you can extend user.exists to check for a list of usernames >>>> that aren't >>>> allowed, like admin, that wouldn't require any change in the UI. >>>> >>>> Something like >>>> >>>> - UI does request for username 'Admin' >>>> - Server checks if username is blacklisted, if it is return an 'OK' >>>> - If it isn't, checks if username is already taken, if it is >>>> return an 'OK' >>>> >>>> - Bert >>>> >>>> On 27 Jun 2012, at 16:40, Erik Froese wrote: >>>> >>>> Would the 409 error code is enough to trigger the default error >>>> behavior in the UX? >>>> The same red X icon would probably suffice to let users know we >>>> don't >>>> like their choice. >>>> >>>> e >>>> >>>> On Wed, Jun 27, 2012 at 11:38 AM, Erik Froese >>>> <[email protected]> wrote: >>>> >>>> Hey all, >>>> >>>> >>>> We've recently found that creating a user with the name Admin causes >>>> >>>> some bad stuff to happen, namely, you can't log in through the UX as >>>> >>>> admin anymore. >>>> >>>> I think it might be time to add some logic in order to prevent bad >>>> >>>> usernames from being created in the system. >>>> >>>> >>>> Could we add this to the user.exists.html endpoint? >>>> >>>> >>>> /system/userManager/user.exists.html?userid=$username >>>> >>>> >>>> HTTP responses: >>>> >>>> 204 (OK No Content): A User with that username (or case-variant) >>>> >>>> exists on the system. >>>> >>>> 404 (Not found): User name is valid and can be used to create a new >>>> >>>> user authorizable. >>>> >>>> ** 409 (Conflict): The user name is used or conflicts with internal >>>> >>>> configuration (aka evil names regex or list) >>>> >>>> >>>> My hand it up to JIRA and implement this. It shouldn't take very >>>> long >>>> >>>> to add a regex property to the LiteUserExistsServlet.java >>>> >>>> >>>> Erik >>>> >>>> _______________________________________________ >>>> >>>> oae-dev mailing list >>>> [email protected] >>>> http://collab.sakaiproject.org/mailman/listinfo/oae-dev >>>> >>>> >>> _______________________________________________ >>> oae-dev mailing list >>> [email protected] >>> http://collab.sakaiproject.org/mailman/listinfo/oae-dev >>> >> >> >> _______________________________________________ >> oae-dev mailing list >> [email protected] >> http://collab.sakaiproject.org/mailman/listinfo/oae-dev > > _______________________________________________ > oae-dev mailing list > [email protected] > http://collab.sakaiproject.org/mailman/listinfo/oae-dev _______________________________________________ oae-dev mailing list [email protected] http://collab.sakaiproject.org/mailman/listinfo/oae-dev
