Make username validation configurable or less restrictive

Question

Make username validation configurable or less restrictive

klues opened this issue a year ago · 1 comments

I've just migrated from superlogin to couch-auth, so first thanks for your work creating an up-to-date version of this framework!

Since the way usernames are stored and database names are chosen is differently in couch-auth (key value in user doc and <prefix><user-id> for database name), I think the validation of the username could be less restrictive:

user.ts#L102: I think there would be no problem if a username starts with _
util.ts#L13: I think there would be no problem in allowing usernames with uppercase letters or longer than 16 chars

So my proposal would be to just use a regex like /^[A-Za-z0-9_-]{2,50}$/ or to make it configurable.

Answer 1 · 2023-09-27T14:55:06.000Z

Glad if you're using it!

Yeah, the 16 char limitation most likely comes from an early version of CouchDB and superlogin where the username was identical to the database name. Making it configurable via config.ts + providing the current regex as default sounds reasonable to me.

I think I'll implemented that myself + clean up something else in the key - logic.