Specifications ‐ User Data
hbh7 edited this page Nov 8, 2021 · 11 revisions
Username:
- Use joi:
username: Joi.string().pattern(new RegExp('^(?=.{3,32}$)[a-zA-Z0-9\-._]+$'))
- Regex (this is case insensitive):
^(?=.{3,32}$)[a-zA-Z0-9\-._]+$
- Minimum 3 characters, maximum 32 characters.
- Case insensitive, but store with case preserved. Convert both to lowercase for comparing.
- Valid characters: a-z0-9-._ (alphanumeric, underscore, dash, period).
- "Bad words" check (check username against unapproved words dictionary (TBD)).
- By default, users are not allowed to change this after registration. If using school registration, this may be automatically set (and will have the school name as a prefix).
  - To facilitate this, school account usernames will be formatted as such: __<school name>_<username from school login system>. Example: __RPI_sisman.
  - As a side effect, usernames starting with __ (2 underscore characters) cannot be used to sign up through the Poll Buddy login system. This is designed to prevent name conflicts across the various authentication systems.
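The username rules above, applied to a local signup request, as an added example that is not Poll Buddy's own code. The function names and sample accounts are assumptions; it goes beyond the Joi rule by also enforcing the reserved __ prefix and the lowercase comparison, which the pattern alone does not cover.

```javascript
// Added example: local-signup username check built from the rules above.
// Function names and the sample data are assumptions, not Poll Buddy code.

// Same pattern as the Joi rule: 3-32 chars from a-z, A-Z, 0-9, '-', '.', '_'.
const USERNAME_RE = /^(?=.{3,32}$)[a-zA-Z0-9\-._]+$/;

// Prefix reserved for school accounts, e.g. __RPI_sisman.
const RESERVED_PREFIX = '__';

// Key used only for comparisons; the stored username keeps its case.
function comparisonKey(username) {
  return username.toLowerCase();
}

// Returns { ok: true, stored, key } or { ok: false, reason }.
// `takenKeys` is a Set of comparison keys for existing accounts.
function checkLocalSignup(username, takenKeys) {
  if (typeof username !== 'string') {
    return { ok: false, reason: 'not-a-string' };
  }
  if (!USERNAME_RE.test(username)) {
    return { ok: false, reason: 'invalid-format' };
  }
  // The pattern accepts '_' anywhere, so the reserved prefix needs its own check.
  if (username.startsWith(RESERVED_PREFIX)) {
    return { ok: false, reason: 'reserved-prefix' };
  }
  const key = comparisonKey(username);
  if (takenKeys.has(key)) {
    return { ok: false, reason: 'already-taken' };
  }
  return { ok: true, stored: username, key };
}

// Constructed sample data: one school account and one local account exist.
const taken = new Set(['__RPI_sisman', 'Alice.Smith'].map(comparisonKey));

for (const candidate of ['alice.smith', '__RPI_admin', 'ab', 'Bob-42', 'a b c']) {
  console.log(candidate, checkLocalSignup(candidate, taken));
}
```

The school-registration path would skip the reserved-prefix check, since it is the only path allowed to create names starting with __.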
eMail:
- Use joi:
email: Joi.string().email({tlds: {allow: false}, minDomainSegments: 2}).max(320).required()
- Case insensitive, but store with case preserved. Convert both to lowercase for comparing.
- By default, users are allowed to change this after registration. If using school registration, this may be automatically set and/or locked for editing.
Password:
- Use joi:
password: Joi.string().pattern(new RegExp('^(?=.{10,256}$)(?:(.)(?!\\1\\1\\1))*$')).pattern(new RegExp('^.*[0-9].*$')).pattern(new RegExp('^.*[A-Z].*$'))
- Regexes (backslashes are doubled because the patterns are written as JavaScript strings):
  - ^(?=.{10,256}$)(?:(.)(?!\\1\\1\\1))*$ checks the length of the password and ensures that the same character does not appear 4 (or more) times in a row. The $ inside the lookahead is required for the 256-character maximum to apply; without it only the minimum is enforced.
  - ^.*[0-9].*$ ensures that there is at least one digit.
  - ^.*[A-Z].*$ ensures there is always an uppercase character.
- Minimum 10 characters, maximum 256 characters.
- Must match exactly.
- Any unicode character should be valid, but handling should ensure that bad input returns an error and not a crash (think things like non-breaking space character, very weird non-standard languages, etc.).
- Disallow more than 4 of the same characters in a row.
- Ideally, also include a check for dictionary words and commonly used and/or breached passwords, but that is low priority. (TBD)
- By default, users are allowed to change this after registration. If using school registration, this cannot be set or changed.
First Name:
- Use joi:
firstname: Joi.string().min(1).max(256)
- Minimum 1 character, maximum 256 characters.
- Case sensitive.
- Any unicode character should be valid, but handling should ensure that bad input returns an error and not a crash (think things like non-breaking space character, very weird non-standard languages, etc.).
- By default, users are allowed to change this after registration. If using school registration, this may be automatically set and/or locked for editing.
Last Name:
- Use joi:
lastname: Joi.string().allow('').max(256)
- Minimum 0 characters (can be left blank if not needed), maximum 256 characters.
- Case sensitive.
- Any unicode character should be valid, but handling should ensure that bad input returns an error and not a crash (think things like non-breaking space character, very weird non-standard languages, etc.).
- By default, users are allowed to change this after registration. If using school registration, this may be automatically set and/or locked for editing.