2017-13: Restrict Special Characters from OpenCCC Account Username Data Field

Owned by Patricia Donohue
Last updated: Jan 09, 2017
2 min read
Request No.2017-13
Date of RequestDecember 22, 2016
RequesterOpenCCC Helpdesk
Application(s)OpenCCC Account
JIRACCCFEDID-2138
Section / Page

Username & Password

Steering Hearing Date1.25.17
Proposed Change to Download FileNo
Proposed Change to Residency LogicNo

Problem / Issue

Students Issue: Not able to successfully sign into her account thru OpenCCC.net as well as directly thru the colleges website. She types in her correct username (B'ANGELO5) along with her correct password (removed for security reasons) and after clicking the sign in button, it just redirects her to the sign in page and nothing else.

I have attempted to sign in on my machine but the same issue occurs. Angelica has also attempted to sign in on her machine and she is unable to sign in as well.

After reviewing the data specs, we are allowing special characters in Usernames. We believe this needs to be revised to only include letters and numbers. Patty is reaching out to CISO and CTO to determine if there is any reason why we would not want to restrict special characters and if not we will write up the requirements to revise the code ASAP.


Here's what the current error validation says:

Must be unique (i.e., not already in use for another account); else error message: 
"The Username you entered is already in use. Please enter a different Username. (You might try adding a number to the end of the name entered.)"

Must not be blank, fewer than six characters, include spaces, or characters other than numbers, letters, or the following special characters: !#%&()*+,-./:; =? @[]^_`{} ~. else error message: 
"Your Username must be between 6 and 128 characters long. Your Username cannot include spaces or characters other than letters, numbers, and the following punctuation: !#%&()*+,-./:; =?@[]^_`{}~." 

Proposed Solution

Update the specifications for the "Username" field used for OpenCCC Account. 

User should only be allowed to use letters and numbers in the creation of their OpenCCC Account Username and Passwords. 

Plan to address existing accounts - similar to how we addressed the issue with the $ < and > characters in 2016 - will be determined based on outcome of change request decision.

Notes

Chris Franz (Unicon Support)
Dec 15, 07:51 PST

There are 33 users in prod with apostrophe's in their username, including the user in question. If this is indeed the issue, we're going to test in the  CI environment, we'll want to create a jira to not allow usernames with apostrophes when accounts are created.

cccuser=# select username from users where username like '%''%';

username

C'ENDAN
CONNORPATRICKO'
MYS'TEREE
A'SKITTEN
MO'NAY
B'ANGELO5
DA'NESHAJACKSON
RICKO'SHEA
O'NEILLZWHEELZ
KE'ALOHALANI
A'KHARIIVY13
CALL_ME_THE_BREEZE'72
DA'VION
BALLETC'ESTLEMEUX
*PANDORA'SBOX!
KEVI'SMOM
K'AYLA
ZIGA'RELLO
ROBERTOMACKIN'
ZEMO'Z69
MONEY'5
DE'RAY
TED'S3RDMOM
BARBRA'SMAN2013
MO'CONNOR
ABNEY'SMOMMY12
KA'MEL
HARRY'S
ROCIOS'C
CHRIS'Z01
HMARTEL'SMARTEL
ISH'SWIFE
EASTON'SMOM13
(33 rows)


Supporting Documentation

See the OpenCCC Account Data Dictionary v.2017.1