-
Notifications
You must be signed in to change notification settings - Fork 112
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow user to change account username #1130
Comments
Makes sense. We should apply as few limits as possible.
+1, agree low priority and enhancement
…On Fri, Mar 18, 2022 at 17:46 netravnen ***@***.***> wrote:
*Is your feature request related to a problem? Please describe.*
N/A
*Who is affected by the problem?*
N/A
*What is the impact?*
N/A
*Are there security concerns?*
N/A
*Are there privacy concerns?*
N/A
*Describe the solution you'd like*
Allow user to change their username the same way users are allowed to
change their E-mail address.
*Do you think this feature will require a formal design?*
No.
Changing an account username is somewhat normal to allow. Albeit with a
built-in rate-limit of how often a username can be changed to avoid users
'just' changing their username willy-nilly. (e.g. once every 30/60/90/180
days)
*Describe alternatives you've considered*
N/A
*Could this feature request need support from the Admin Committee?*
@peeringdb/ac <https://github.com/orgs/peeringdb/teams/ac> could
optionally provide input, yes. E.g. how many cases per year where users
request their username changed. (I suspect many users are oblivious to this
possibility existing, since it requires a ticket to AC. Plus this
possibility is not mentioned in the Docs as of today)
*What is the proposed priority?*
not urgent
*Provide a rationale for any/all of the above*
Allow users to change their username if changing companies/departments.
This is relevant for *any* user who used their E-mail address as their
username, too. Since this is two different fields in the database.
*Additional context*
We should expose this option at https://peeringdb.com/profile, along with
1. change E-mail and 2. change password.
[image: image]
<https://user-images.githubusercontent.com/1938389/159086684-9544b21b-d302-45ee-9fb6-8cfda0414842.png>
—
Reply to this email directly, view it on GitHub
<#1130>, or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AFA2YQX62BGPDQF4FEKFMD3VAT2TBANCNFSM5RC7J2UQ>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
|
+1, and now limits |
+1 |
2 similar comments
+1 |
+1 |
There should be very few limits. The seven FCC dirty words is the only limit I would support since users know best how and what they want their usernames to be. And only to maintain a level of decorum. There should be no opportunity or responsibility of the admin committee to apply subjective opinions on usernames. |
I don't think there should be any limits, there aren't now. I might agree on a limit to period between changes, but what difference does it make really? The username isn't exposed anywhere that I can think of except authorized OAuth applications. |
Im just pandering to the opposition. If there is none Im on board. I
would like to consider the decorum argument, but Id interconnect with
username: fukboi if it mattered to me business wise. $0.02
…On Sat, Mar 19, 2022 at 21:30 Matt Griswold ***@***.***> wrote:
I don't think there should be any limits, there aren't now.
I might agree on a limit to period between changes, but what difference
does it make really?
The username isn't exposed anywhere that I can think of except authorized
OAuth applications.
—
Reply to this email directly, view it on GitHub
<#1130 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AFA2YQXD2VDP63N5ITNW45DVAZ5UJANCNFSM5RC7J2UQ>
.
You are receiving this because you were assigned.Message ID:
***@***.***>
|
Why do you want to put a limit on the period between changes? I can't see any reason. |
I was responding to the initial report, I can't think of a reason that we'd need to. |
malicious abusers attempting to suck resources? |
I’m onboard with abuse concerns. How does username change allow resource
abuse and at what scale? Wolf or kippy kat?
Thanks
…-M<
On Mon, Mar 21, 2022 at 16:27 Peter Helmenstine ***@***.***> wrote:
malicious abusers attempting to suck resources?
—
Reply to this email directly, view it on GitHub
<#1130 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AFA2YQUF564HDDT23AL5OFTVBDLR3ANCNFSM5RC7J2UQ>
.
You are receiving this because you were assigned.Message ID:
***@***.***>
|
I don't see this attack vector. Username changes can't really be automated as you will have to approve this change via email. |
There are already global and granular API limits to protect resources as well, FWIW. |
Im +1 but encourage the decorum discussion.
…On Mon, Mar 21, 2022 at 19:27 Matt Griswold ***@***.***> wrote:
There are already global and granular API limits to protect resources as
well, FWIW.
—
Reply to this email directly, view it on GitHub
<#1130 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AFA2YQXETNZQK4UWBLSHJDDVBEAUVANCNFSM5RC7J2UQ>
.
You are receiving this because you were assigned.Message ID:
***@***.***>
|
summary
|
Allow user to change account username #1130 See merge request gh/peeringdb/peeringdb!341
* Carrier object implementation #909 * API keys: disabling of user account by a PeeringDB admin does not disable access via a User API key. Also no disable mech, only revoke. #1140 * Ops: django needs lightweight healthcheck route that confirms database connectivity #1284 * Ops: various indexes are needed #1285 * API requests with invalid Authentication headers should notify users in some way. #1220 * Allow user to change account username #1130 * UX to remove carriers from facilities more inline the other similar UX * more UX fixes for removing carriers from facilities * Cache hints are needed for optimal CDN use #970 * fixes Commandline tool "Run command" button gone #1278 * RIR status gets deleted when changes are made to the network #1279 * Improve MTU field #658 * CSRF cookie not set error from email confirmation view #1296 * expose CSP_CONNECT_SRC * fix confirm email path checking in session middleware * Ops: Emails to OPERATIONS_EMAIL need to be rate-limited #1282 * add website field to carrier ux * website field on carrier optional with org fallback * linting * add *.google-analytics.com to CSP_CONNECT_SRC * poetry relock * fix issues with confirm-email reverse during session creation validation * fix tests * fix tests * pin django-peeringdb to support_202211 * linting * django ratelimit to <4 * regen docs * fix automated net stats to only include networks with status `ok` #1283 * linting * poetry lock Co-authored-by: Matt Griswold <grizz@20c.com>
Is your feature request related to a problem? Please describe.
N/A
Who is affected by the problem?
N/A
What is the impact?
N/A
Are there security concerns?
N/A
Are there privacy concerns?
N/A
Describe the solution you'd like
Allow user to change their username the same way users are allowed to change their E-mail address.
Do you think this feature will require a formal design?
No.
Changing an account username is somewhat normal to allow. Albeit with a built-in rate-limit of how often a username can be changed to avoid users 'just' changing their username willy-nilly. (e.g. once every 30/60/90/180 days)
Describe alternatives you've considered
N/A
Could this feature request need support from the Admin Committee?
@peeringdb/ac could optionally provide input, yes. E.g. how many cases per year where users request their username changed. (I suspect many users are oblivious to this possibility existing, since it requires a ticket to AC. Plus this possibility is not mentioned in the Docs as of today)
What is the proposed priority?
not urgent
Provide a rationale for any/all of the above
Allow users to change their username if changing companies/departments. This is relevant for any user who used their E-mail address as their username, too. Since this is two different fields in the database.
Additional context
We should expose this option at https://peeringdb.com/profile, along with 1. change E-mail and 2. change password.
The text was updated successfully, but these errors were encountered: