Specifications ‐ User Data

hbh7 edited this page Nov 8, 2021 · 11 revisions

User Accounts

Username:

  • Use joi: username: Joi.string().pattern(new RegExp('^(?=.{3,32}$)[a-zA-Z0-9\-._]+$'))
  • Regex: ^(?=.{3,32}$)[a-zA-Z0-9\-._]+$ (accepts both uppercase and lowercase letters)
  • Minimum 3 characters, maximum 32 characters.
  • Case insensitive, but store with case preserved. Convert both to lowercase for comparing.
  • Valid characters: a-z0-9-._ (alphanumeric, underscore, dash, period).
  • "Bad words" check: compare the username against a dictionary of unapproved words (TBD).
  • By default, users are not allowed to change this after registration. If using school registration, this may be automatically set (and will have the school name as a prefix).
    • To facilitate this, school account usernames will be formatted as follows: __<school name>_<username from school login system>. Example: __RPI_sisman.
    • As a side effect, usernames starting with __ (2 underscore characters) cannot be used to sign up through the Poll Buddy login system. This is designed to prevent name conflicts across the various authentication systems.

eMail:

  • Use joi: email: Joi.string().email({tlds: {allow: false}, minDomainSegments: 2}).max(320).required()
  • Case insensitive, but store with case preserved. Convert both to lowercase for comparing.
  • By default, users are allowed to change this after registration. If using school registration, this may be automatically set and/or locked for editing.

Password:

  • Use joi: password: Joi.string().pattern(new RegExp('^(?=.{10,256}$)(?:(.)(?!\\1\\1\\1))*$')).pattern(new RegExp('^.*[0-9].*$')).pattern(new RegExp('^.*[A-Z].*$'))
  • Regexes:
    • ^(?=.{10,256}$)(?:(.)(?!\1\1\1))*$ checks the length of the password and ensures that the same character does not appear 4 (or more) times in a row. The $ inside the lookahead is required; without it only the minimum length is enforced. In the joi string form above, each backslash is doubled.
    • ^.*[0-9].*$ ensures that there is at least one digit
    • ^.*[A-Z].*$ ensures that there is at least one uppercase character
  • Minimum 10 characters, maximum 256 characters.
  • Must match exactly.
  • Any Unicode character should be valid, but handling should ensure that bad input returns an error and not a crash (think things like non-breaking space character, very weird non-standard languages, etc.).
  • Disallow more than 4 of the same characters in a row.
  • Ideally, also include a check for dictionary words and commonly used and/or breached passwords, but that is low priority. (TBD)
  • By default, users are allowed to change this after registration. If using school registration, this cannot be set or changed.
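
The username and password rules above as plain RegExp checks, an added example that is not part of the Poll Buddy code base. The names checkLocalUsername, checkPassword and the taken set are hypothetical, and the password length lookahead is anchored with $ so that the 256-character maximum is enforced.

```javascript
// Added example: the username and password rules as plain RegExp checks.
const USERNAME_RE = /^(?=.{3,32}$)[a-zA-Z0-9\-._]+$/;
const SCHOOL_PREFIX = '__'; // reserved for school accounts such as __RPI_sisman

// Each rule pairs a regex with the message returned when it fails.
const PASSWORD_RULES = [
  // Lookahead anchored with $ so that the upper bound of 256 is enforced.
  [/^(?=.{10,256}$)(?:(.)(?!\1\1\1))*$/, 'length 10-256, no character 4 times in a row'],
  [/[0-9]/, 'at least one digit'],
  [/[A-Z]/, 'at least one uppercase letter'],
];

// Usernames are stored with case preserved and compared in lowercase.
const usernameKey = (name) => name.toLowerCase();

// `taken` is a Set of lowercase keys: a hypothetical stand-in for the user store.
function checkLocalUsername(name, taken) {
  if (typeof name !== 'string' || !USERNAME_RE.test(name)) return 'invalid format';
  if (name.startsWith(SCHOOL_PREFIX)) return 'reserved prefix';
  if (taken.has(usernameKey(name))) return 'already taken';
  return 'ok';
}

// Returns the list of failed rules; an empty list means the password is accepted.
function checkPassword(pw) {
  if (typeof pw !== 'string') return ['not a string'];
  return PASSWORD_RULES.filter(([re]) => !re.test(pw)).map(([, msg]) => msg);
}

// Constructed sample input.
const taken = new Set(['sisman']);
for (const name of ['SisMan', '__RPI_sisman', 'new.user-1', 'ab']) {
  console.log(name, '->', checkLocalUsername(name, taken));
}
for (const pw of ['Correct1Horse', 'Paaaassword1', 'Ab1'.repeat(100)]) {
  console.log(pw.length, 'chars ->', checkPassword(pw));
}
```

The 300-character sample fails only the first rule, which is the case an unanchored length lookahead would let through.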

User Information

First Name:

  • Use joi: firstname: Joi.string().min(1).max(256)
  • Minimum 1 character, maximum 256 characters.
  • Case sensitive.
  • Any Unicode character should be valid, but handling should ensure that bad input returns an error and not a crash (think things like non-breaking space character, very weird non-standard languages, etc.).
  • By default, users are allowed to change this after registration. If using school registration, this may be automatically set and/or locked for editing.

Last Name:

  • Use joi: lastname: Joi.string().allow('').max(256)
  • Minimum 0 characters (can be left blank if not needed), maximum 256 characters.
  • Case sensitive.
  • Any Unicode character should be valid, but handling should ensure that bad input returns an error and not a crash (think things like non-breaking space character, very weird non-standard languages, etc.).
  • By default, users are allowed to change this after registration. If using school registration, this may be automatically set and/or locked for editing.