Restrict Special Characters in Account Usernames
Background
OpenCCC Helpdesk reports issues from students:
Student (CCCID = ) is Not able to successfully sign into her account thru OpenCCC.net as well as directly thru the colleges website. She types in her correct username (B'ANGELO5) along with her correct password (removed for security reasons) and after clicking the sign in button, it just redirects her to the sign in page and nothing else.
<< Merrie Wales, December 20, 2016 >>
I have attempted to sign in on my machine but the same issue occurs. (student name) has also attempted to sign in on her machine and she is unable to sign in as well.
After reviewing the data specs, we are allowing special characters in Usernames. We believe this needs to be revised to only include letters and numbers. Patty is reaching out to CISO and CTO to determine if there is any reason why we would not want to restrict special characters and if not we will write up the requirements to revise the code ASAP.
Here's what the current error validation says:
- Must be unique (i.e., not already in use for another account); else error message:
"The Username you entered is already in use. Please enter a different Username. (You might try adding a number to the end of the name entered.)" - Must not be blank, fewer than six characters, include spaces, or characters other than numbers, letters, or the following special characters: !#%&()*+,-./:; =? @[]^_`{} ~. else error message:
"Your Username must be between 6 and 128 characters long. Your Username cannot include spaces or characters other than letters, numbers, and the following punctuation: !#%&()*+,-./:; =?@[]^_`{}~."
Update
Per development team, our system cannot handle special characters in the Username field, from a technical perspective.
This is was presented to the CCCApply Steering Committee for review and guidance on March 7, 2017. Per the discussion among the Steering members, they believe this is a high-priority "student workflow" issue that is creating blockers for students who create their Usernames with these special characters (because we currently allow them) but our system cannot technically support them. Is there something that can be implemented after our move to AWS that would allow OpenCCC to manage special characters? If yes, investigate the level of effort and move forward. If not, Steering would like to restrict ALL special characters in the Username field to prevent blockers from occuring in the future.
- After OpenCCC is moved over to Amazon Web Services from Rackspace, investigate available technical and security services available to support special characters in Username.
- If nothing can be done - technically - create a JIRA to restrict special characters from Username field and update the Data Dictionary, post on the CCCHelp.info site, and notify colleges.
- Patricia Donohue Update Steering on status of this issue (2017-13: Restrict Special Characters in Username Field at the April 26 Steering meeting.)
Action items
- Patricia Donohue Email Tim and Jeff for help understanding current specifications.
- Patricia Donohue Based on decision and/or information, create change request and reprioritize the BUG issue (currently pending sprint planning):
- Patricia Donohue Update Data Dictionary (OpenCCC Account Data Dictionary v.2017.1 (CI version) ) accordingly.