Forbid Usernames With No Letters

[Cernelius]

Currently in lobby there is a user called "---".

That is not against any rules I know of, but I think it would be better if names like that or also numbers-only are not allowed.

Also maybe up to 12 characters only.

[Cernelius]

I meant that being merely engine enforced, in the moment you try to log in; not the mods banning or adding it to the rules or anything like that.

[Cernelius]

Now there is one called "----", instead (not sure if the same user).

[DanVanAtta]

@Cernelius reviving this old topic, would you mind sharing a recommendation for validation rules? We have a lot of flexibility for what to reject/accept, I'm curious if you have any thoughts for a starting point.

[prastle]

We could give you a long list but the simple answer is an l can't look like an I
in the forum or on logins nor any other letter. L i

[DanVanAtta]

Well, we need an exact requirement list to code up. The easiest thing is to allow anything. Any other rules we need to explicitly add.

I'm thinking:

• min length 3
• max length 15
• alpha-numeric only, no symbols

It's not worth going to town on the rules, they should be simple here or it'll be confusing and/or painful to code.

[RoiEXLab]

@DanVanAtta A thing to consider is potentially asian characters we want to allow.

[Cernelius]

These are my suggestions, but under them a few users will have to remake their names:

1. Must be 4 to 20 characters long.
2. Nothing is case sensitive (Cernel=cernel=CERNEL).
3. Only latin letters plus the W, arabic numbers, the underscore and the short dash are acceptable (so no spaces either).
4. Must start with a letter (not with numbers or dash or underscore) (which implies they will have at least a letter in them).
5. Only letters and numbers can be followed by the same character (meaning you can have "a_aa_", but not "a___a").

[Cernelius]

Right, this is off topic, but both in the forum and the lobby please be sure to adopt fonts that are highly distinctive (typical example, the lower case "L" being easy to tell apart from the upper case "I" (the first one should be curved to the right on top and the second one should have horizontal bars both above and below the vertical body)).

[panther2]

When the forums of axisandallies .org switched to NodeBB recently, we experienced PBF-problems with usernames that contained spaces or certain special characters.
For details please see:
https://www.axisandallies.org/forums/topic/32495/new-triplea-with-new-forums-user-does-not-exist-error
and
https://www.axisandallies.org/forums/post/1237061

So my recommendation would be to allow only characters that don't cause any problems for PBF on NodeBB. We experienced the problems with spaces and periods. Unfortunately I don't know which other characters might cause problems for that special use case.

[RoiEXLab]

@panther2 PBF has nothing to do with lobby usernames. They are not affected.
However you should probably open an issue to track this. I just realized that it's super easy to fix this problem, and to re-add support for emails based login.

[panther2]

@RoiEXLab

PBF has nothing to do with lobby usernames. They are not affected.

Being aware that there is no direct connection between lobby names and PBF I see cases where people choose identical names for the lobby as well as for the forum (what would affect PBF then).

However you should probably open an issue to track this. I just realized that it's super easy to fix this problem, and to re-add support for emails based login.

Thank you. For my understanding: I have been told that the PBF problem caused for example by 'space' or 'period' are a NodeBB issue rather than a TripleA issue, as NodeBB somehow converts those characters. That is why on the forum we currently recommend to change usernames avoiding spaces and periods inside.
So I am not sure where to file an issue at the moment... (NodeBB or TripleA).

Also I am not sure if I would prefer offering an additional email based login for PBF over a respective user name rule - as another experience is that some users better remember their user name than the mail address they originally registered with.

[RoiEXLab]

@panther2 It's kinda a triplea issue but not 100% More like 99%
NodeBB provides special URL endpoints we can call to gather information we need about a specific user in order to post something with their identity. Namely their user id, a number for everything.
So TripleA calls forumdomain.com/api/user/<username> to retrieve the id.
However as you already noticed it only accepts so called 'slugified' versions of the username that removes dots and underscores etc. to make the username look pretty in the url.

Today I learned that I should've been using forumdomain.com/api/user/username/<username> which accepts the unmodified username and forumdomain.com/api/user/email/<email> all along.

So yeah, technically my fault but to my defense I haven't been able to find a good documentation for the API.
I had to go through the source code of nodebb itself to find this information.

[panther2]

Thank you, @RoiEXLab , for this interesting background information.

[DanVanAtta]

@Cernelius this is a good list.

(1) Must be 4 to 20 characters long.

Should we really disallow names like "Bob", "Dan", "Pat", etc?
If we go to 4, are we suffering from the N+1 problem? Notably basically again 4 letter names could still be too short and maybe not descriptive enough.

(2) Nothing is case sensitive (Cernel=cernel=CERNEL).

I'm a bit surprised it seems there was no logic to prevent "taking' the name of an existing user by just altering the casing. #5079 addresses this and disallows login if desired name (case insensitive) matches a logged in name (registered or anonymous)

(3) Only latin letters plus the W, arabic numbers, the underscore and the short dash are acceptable (so no spaces either).

This is already the case : )
Though, I don't fully understand what is meant by "plus the W", 'W' is a latin character, no? I might be missing something.

(4) Must start with a letter (not with numbers or dash or underscore) (which implies they will have at least a letter in them).

#5078 addresses this

(5) Only letters and numbers can be followed by the same character (meaning you can have "a_aa_", but not "a___a").

This is technically not quite trivial to do. A regex could be crafted to match for this, but the error mesage to inform a user how the name is invalid would be a bit tricky. Even with this rule, a name like "a_a_" would still be allowed. I'm not sure if that is fundamentally different from, for example: "a__a"

[DanVanAtta]

Closing, please feel free to re-open if there is more to discuss

[Cernelius]

I'm reading it and I don't fully understand what has been done, exactly. If it can be fully summarized, it would be good.

Just pasting here a reported example in lobby:

66968585558555888788888588888898888888 has joined
(4:06:57 PM) 66968585558555888788888588888898888888: gggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggg
(4:06:59 PM) 66968585558555888788888588888898888888: ggggg
(4:07:36 PM) 66968585558555888788888588888898888888: 6656565656669699666969669696666+6666666+665555555565565565555555555555555555555552555585555
MIDVALCRE has joined
(4:08:26 PM) 66968585558555888788888588888898888888: sweeeeeee
(4:08:37 PM) 66968585558555888788888588888898888888: eedederereeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
(4:08:43 PM) ip_man49: reported
(4:08:43 PM) 66968585558555888788888588888898888888: eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
66968585558555888788888588888898888888 has left

What I understand is that this would be still allowed, correct?

I really don't understand why limiting names to 4 to 20 characters and imposing starting with a letter (not a number) can be not agreeable. However, if you prefer, even 2 to 20 I guess would be somewhat reasonable.

Regardless, thanks for what done. I agree with all I understand it has been done.

[Cernelius]

I actually suggest the minimum number of characters should be the minimum number of letters the name should start with. So, if 4 is the minimum number of characters, also the first 4 characters of the name must be letters (numbers allowed only from the 5th onwards).