Sanitize username in auth.createUser

Cwe · March 28, 2017, 7:49am

In an idprovider, users are created programatically. However the username is not sanitized, so creation will fail if say you pass in an email address, because ‘@’ is an invalid character.

I think createUser should sanitize the username automatically. Either that or have a method so it can be done before calling createUser.

I guess this could be useful for content names too. In content studio it happens on the fly when you type in a displayName. I could guess what characthers are illegal, but it would be much better to use the same method that is used in Enonic XP.

Cwe · March 28, 2017, 1:28pm

Support for ASCII isn’t to hard to implement.

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~

But starting on UNICODE it’s becomes a huge job, take for instance these:

ÆÐƎƏƐƔĲŊŒẞÞǷȜæðǝəɛɣĳŋœĸſßþƿȝĄƁÇĐƊĘĦĮƘŁØƠŞȘŢȚŦŲƯY̨Ƴąɓçđɗęħįƙłøơşșţțŧųưy̨ƴÁÀÂÄǍĂĀÃÅǺĄÆǼǢƁĆĊĈČÇĎḌĐƊÐÉÈĖÊËĚĔĒĘẸƎƏƐĠĜǦĞĢƔáàâäǎăāãåǻąæǽǣɓćċĉčçďḍđɗðéèėêëěĕēęẹǝəɛġĝǧğģɣĤḤĦIÍÌİÎÏǏĬĪĨĮỊĲĴĶƘĹĻŁĽĿʼNŃN̈ŇÑŅŊÓÒÔÖǑŎŌÕŐỌØǾƠŒĥḥħıíìiîïǐĭīĩįịĳĵķƙĸĺļłľŀŉńn̈ňñņŋóòôöǒŏōõőọøǿơœŔŘŖŚŜŠŞȘṢẞŤŢṬŦÞÚÙÛÜǓŬŪŨŰŮŲỤƯẂẀŴẄǷÝỲŶŸȲỸƳŹŻŽẒŕřŗſśŝšşșṣßťţṭŧþúùûüǔŭūũűůųụưẃẁŵẅƿýỳŷÿȳỹƴźżžẓ

Many of which are “translated”, not simply converted to “-”, some are simply removed.

So yeah access to the internal method would be useful…

Cwe · March 28, 2017, 2:25pm

Ascii and Norwegian chars would be something like this: (haven’t tested all scenarios)

exports.sanitizeName = function(name) {
	return name.toLowerCase()
		.replace(/[!"()]+/g, '') // ASCII removed.
		.replace(/[#$%&'*+,/:;<=>?@[\\\]^_`{|}~\s]+/g, '-') // ASCII replaced.
		.replace(/[æÆ]/g, 'ae').replace(/[øØ]/g, 'o').replace(/[åÅ]/g, 'a') // Norwegian chars.
		.replace(/--+/g, '-') // Two or more dashes becomes just one.
		.replace(/^[-.]+/, '') // Do not begin with - or .
		.replace(/[-.]+$/, ''); // Do not end in - or .
};

Cwe · March 30, 2017, 7:51am

Note: Added toLowerCase and \s to example above.

mer · April 7, 2017, 9:13am

We are investigating this.

aro · April 7, 2017, 10:35am

Making the character conversion covering all the possible cases is a bit complex, and JavaScript support for Unicode is limited.

I’m thinking of adding a function for this in lib-text-encoding, but you can already use the method from XP with this simple function:

function prettify(text) {
    var namePrettyfier = Java.type('com.enonic.xp.name.NamePrettyfier');
    return namePrettyfier.create(text);
}

mer · May 5, 2017, 9:13am

Hi @aro,

We want to add this to lib-common. Can you create a task for this?

Regards,
Morten

Cwe · May 12, 2017, 9:37am

Task made: https://github.com/enonic/xp/issues/4935