opensrp/fhircore

[Discussion] Should usernames be case sensitive?

Closed this issue · 0 comments

Describe the issue
When testing the GIZ PATH EIR Product Suite, I noticed that the username is not case sensitive when logging in through the app. Is this by design, a bug, or not yet decided?

(Note: password is case sensitive, as it should be)

Additional context
Case sensitive usernames may offer slightly more security, but we would also want to prevent duplicate usernames (with different case variations) from being created - both in the Web UI and via bulk upload.

Acceptance criteria
Whatever is decided, it should be consistently implemented throughout the platform, with a constraint message as appropriate:

  • Web frontend (creation, editing, view)
  • Bulk import (creation, editing)
  • App (login)
  • Keycloak (configuration? please elaborate...)
  • etc (please elaborate)

Recommended next steps
Product team to discuss this and come to a decision.

cc: @f-odhiambo @dubdabasoduba @ageryck @allan-on @ndegwamartin @pld @rowo
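
Added example (not part of the original issue and not fhircore or OpenSRP code): one way to enforce the "no duplicates that differ only by case" constraint during bulk upload, assuming the decision is that usernames are not case sensitive. The function names, the message wording, and the sample usernames are hypothetical and constructed for illustration.

```python
import unicodedata
from collections import defaultdict


def canonical_username(name: str) -> str:
    """Key used for uniqueness and lookup: trim, NFKC-normalize, then case-fold."""
    return unicodedata.normalize("NFKC", name.strip()).casefold()


def find_case_collisions(existing, incoming):
    """Return constraint messages for incoming usernames that collide,
    ignoring case, with an existing account or with an earlier incoming row."""
    seen = defaultdict(list)  # canonical key -> [(source, original spelling)]
    for name in existing:
        seen[canonical_username(name)].append(("existing", name))

    errors = []
    for row, name in enumerate(incoming, start=1):
        key = canonical_username(name)
        if not key:
            errors.append(f"row {row}: username is empty")
            continue
        if seen[key]:
            # Report the first spelling that already claimed this key.
            source, other = seen[key][0]
            errors.append(
                f"row {row}: username {name!r} conflicts with {source} "
                f"username {other!r} (usernames are not case sensitive)"
            )
        seen[key].append((f"row {row}", name))
    return errors


# Constructed sample data, not taken from any real deployment.
EXISTING_USERS = ["nurse.amina", "chw_john"]
BULK_ROWS = ["Nurse.Amina", "chw_mary", "CHW_Mary", "clerk01", "  "]

if __name__ == "__main__":
    for message in find_case_collisions(EXISTING_USERS, BULK_ROWS):
        print(message)
```

Storing the canonical key next to the display spelling and putting the unique constraint on the key lets the web frontend, bulk import, and login apply the same comparison.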