Piwik::checkValidLoginString(): allow "@" in login #1762

Closed
anonymous-piwik-user opened this Issue Oct 12, 2010 · 8 comments

Projects

None yet

3 participants

@anonymous-piwik-user

Currently, piwik explicitely forbid use of "@" in a user login. (only [a-zA-Z0-9-._] are allowed )

It doesn't make much sense to forbid the "@" and it make it impossible to integrate piwik with any service where the login is the email (such as lot of LDAP setup).

@anonymous-piwik-user

Fixing this bug is really easy :

core/Piwik.php, line 1595

replace:

&& (preg_match('/^[A-Za-z0-9_.-]*$/', $userLogin) > 0))

By

&& (preg_match('/^[@A-Za-z0-9_.-]*$/', $userLogin) > 0))

@anonymous-piwik-user

(I've tested it and it works great)

@robocoder

re: LDAP. Is this change necessary, given the LDAP plugin in #734?

@anonymous-piwik-user

I guess it is because it looks like the http_auth plugin is more interesting anyway. Ldap is only use to do authentification, piwik still do the authorization.

Comments in the bug related to the http_auth plugin seems to think the same;-)

@mattab
Piwik Analytics member

increasing priority, as it makes sense to allow @ in logins

@mattab
Piwik Analytics member

(In [3381]) Fixes #1762

@robocoder

(In [3388]) refs #1762 - fix unit test

@robocoder

(In [3646]) fixes #1970, refs #1762 - add more unit tests

@anonymous-piwik-user anonymous-piwik-user added this to the Piwik 1.1 milestone Jul 8, 2014
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment