Description
Is there an existing issue for this?
- I have searched the existing issues
Describe the bug
The message for an invalid username is Username '{0}' is invalid, can only contain letters or digits. https://github.com/dotnet/aspnetcore/blob/main/src/Identity/Extensions.Core/src/Resources.resx#L164-L167
However, this message is produced when the username contains any characters not included in AllowedUserNameCharacters, a value which defaults to alphanumeric plus -._@+.
Expected Behavior
At the very least I'd expect the error message reflect what's actually allowed by the defaults. Bonus points if it reflected what's configured by the developer, but this would be quite difficult due to the way that the allowed characters are configured.
Steps To Reproduce
Repro is trivial:
- In an AspNetCore project w/ Identity, call
UserManager<T>.SetUserNameAsync(user, "userName!") - Observe that the error states the username can only contain letters and numbers.
- Change the username to
userName@example.com, observe that no error occurs despite containing characters other than letters and numbers as stated by the validation message.
Exceptions (if any)
No response
.NET Version
6.0.101
Anything else?
No response
Metadata
Metadata
Assignees
Type
Projects
Milestone
Relationships
Participants
Activity
adityamandaleeka commentedon Jan 7, 2022
Triage: we should correct the default here, and also make the message customizable since users can modify the set of allowed characters in the username.
ghost commentedon Jan 7, 2022
Thanks for contacting us.
We're moving this issue to the
.NET 7 Planningmilestone for future evaluation / consideration. We would like to keep this around to collect more feedback, which can help us with prioritizing this work. We will re-evaluate this issue, during our next planning meeting(s).If we later determine, that the issue has no community involvement, or it's very rare and low-impact issue, we will close it - so that the team can focus on more important and high impact issues.
To learn more about what to expect next and how this issue will be handled you can read more about our triage process here.
ghost commentedon Nov 17, 2022
Thanks for contacting us.
We're moving this issue to the
.NET 8 Planningmilestone for future evaluation / consideration. We would like to keep this around to collect more feedback, which can help us with prioritizing this work. We will re-evaluate this issue, during our next planning meeting(s).If we later determine, that the issue has no community involvement, or it's very rare and low-impact issue, we will close it - so that the team can focus on more important and high impact issues.
To learn more about what to expect next and how this issue will be handled you can read more about our triage process here.
ghost commentedon Nov 17, 2022
Thanks for contacting us.
We're moving this issue to the
.NET 8 Planningmilestone for future evaluation / consideration. We would like to keep this around to collect more feedback, which can help us with prioritizing this work. We will re-evaluate this issue, during our next planning meeting(s).If we later determine, that the issue has no community involvement, or it's very rare and low-impact issue, we will close it - so that the team can focus on more important and high impact issues.
To learn more about what to expect next and how this issue will be handled you can read more about our triage process here.
Ingmar-Paetzold commentedon Dec 10, 2022
I just typed in an example from a Adam Freeman's book, where
.AllowedUserNameCharactersare set to lowercase letters a-z only.The default error message "... can only contain letters or digits" is definitely misleading, since no digits allowed. That would drive possible users crazy. (OK, granted, a site that only allows lowercase letters for user names probably needs to think about usability as well...)
Nevertheless, when customizing the usable alphabet is possible, then customizing the error message should be as well, allowing to refer to the special rules. Or is it already changeable?
lokisinary3d commentedon Dec 4, 2024
i got this error: Username is invalid, can only contain letters or digits.
if i add the user name field in registration and try to use user name like this: test user
but if i use: testuser
i do not see the error and found out that we cannot have space between the user name because it treating UserName as email also.
If any one know how to fix this provide the solution.
sander1095 commentedon Dec 17, 2024
I wouldn't mind having a look at this in the new year, however, I would like to hear from the ASP.NET Core team what kind of solution they'd like.
AllowedUserNameCharacters?