User restriction rules not communicated on registration
| Project: | User restrictions |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | active |
Jump to:
Access rules can constrain the characters allowed for usernames or they can exclude certain patterns.
Still, when somebody applies for a new account, she is not being adequately informed about the changed rules.
He is shown "Spaces are allowed; punctuation is not allowed except for periods, hyphens, and underscores." (at least after #131493 has been committed.)
Example 1: Blocked username
Access rule:
- deny username 'blof'.
On registration: The username 'blof' is refused with the error message "The name Blof has been denied access."
Commentary: As this username has been specifically blocked, it makes no sense to inform the user about that access rule before he enters the name. Moreover we don't want to expose usernames that have been specifically blocked to everybody. So that is okay.
Not okay is the error message "... has been denied access". This is confusing as this is a registration and no access.
the message should either read "Blof is no valid username. Please choose another username." or (to cloud specific access rules) "The username Blof is already taken. Please choose another username."
Example 2: Blocked pattern
Access rule:
- deny username '%admin%'.
On registration: The username 'Administrator' is refused with the error message "The name Administrator has been denied access."
Commentary: To inform the user about blocked patterns before he enters the name would result in a too long description text. Moreover we might not want to expose blocked patterns to everybody. So that is okay.
Not okay is the error message "... has been denied access". This is confusing as this is a registration and no access.
the message should either read "Administrator is no valid username. Please choose another username." or (to cloud specific access rules) "The username Administrator is already taken. Please choose another username."
Example 3: Blocked characters
Access rules:
- deny username '%ä%'.
- deny username '%ö%'.
- deny username '%ü%'.
- deny username '%ß%'.
On registration: The username 'Gerhard Schröder' is refused with the error message "The name Gerhard Schröder has been denied access."
Commentary: If some character is blocked, the user should be informed before he enters the name. So the field description should read like "Characters 'äöuß' are not allowed. Spaces are allowed. Punctuation is not allowed except for periods, hyphens, and underscores."
If this rule is ignored by the registrant, he should be informed by the error message "The username contains an illegal character", just as if he had entered a '#' or a '%' for example. Even better, if the message would be more detailed: "The username contains the illegal character 'ö'".
Example 4:Blocked spaces
Access rule:
- deny username '% %'.
On registration: The username 'Dries Buytaert' is refused with the error message "The name Dries Buytaert has been denied access."
Commentary: Similar to example 3. The field description should read 'Spaces are not allowed. Punctuation is not allowed except for periods, hyphens, and underscores."
If this rule is ignored by the registrant, the error message "Spaces are not allowed in usernames" should be thrown.
Solution?
I think all of this should be solvable within the given D6-timeframe and without too large changes. I'd just like to collect some opinions on this before creating a patch.
#1
#2
To quote Gábor from http://lists.drupal.org/pipermail/development/2007-December/027977.html: "RC1 is string freeze, so whatever needs modifications in the strings is generally postponed to Drupal 7."
#3
This is mine now, mwahahaha.