usernames should be case insensitive, right? #503
Comments
|
It isn't. We can probably also borrow the homoglyph detection algorithm from HTTPS Everywhere. They use that to verify (in part) the rulesets for the extension. As per casing, I'm 90% sure that GitHub forces entirely lowercase usernames. I don't know about twitter, or facebook. I'm fairly confident Google does force everything to be lowercase too though. |
|
A secondary thought, Google allows the following: Let's say you register an email account with Google, say |
|
OpenID should catch that with Google - it ties to Google account number, not an email. For instance, my Google ID is As an aside, Gmail also discards the |
|
Yeah the extensions are fairly widely supported (postfix supports them as |
|
I suppose this would mean adding a |
|
Hey @joonas @alexcouper: Is this something either of you would be able to look at? |
|
I'm pretty tied up for a while now TBH @whit537. In other news, I'm hoping to organise a sprint here with the python group in Reykjavik to work on something opensource. I'll be suggesting we do gittip. Others may have different ideas, but it'd be a nice blitzer. If/when it happens I'll get in touch before hand. |
|
No worries, @alexcouper. Definitely let me know if the sprint comes together around Gittip and I'll try to be online during it. |
|
+1 from Whit537: https://www.gittip.com/Whit537/ These guys trolled our latest hangout: |
|
Looks like you had some fun there... curses the internet |
|
1-up, user names should not be case sensitive. I don't know the code base well enough to make a pull request, but I think when someone goes to either /strand or /Strand they should go to my account. This should be resolvable by routing to a lower case name if we have a display_id/display_name column added to the db. |
|
I agree that usernames should be case insensitive, as in https://www.gittip.com/whit537/ and https://www.gittip.com/Whit537/ should take you to the same page. It makes the URL design better. And it just makes more sense in the long run (and you can always reverse this decision more easily if there's ever a pressing need). |
We need live search to populate the list of people who deserve the money for Gittip, but we need lower-cased usernames (#503) to properly implement search.
|
|
We've got 11 username casing conflicts. |
|
|
Rather than attempting to merge accounts for people, I think we should:
|
|
Gah, this is like Inception! I need to use participant.id as the primary key instead of username throughout the schema. |
|
No I don't. Stay focused, Chad! |
|
Can't we change usernames though? Seems like the pk should be something unique and unchangeable -- but maybe that's just me |
|
@whit537 Ah, okay. |
|
Done. #!/usr/bin/env python
import gittip
from gittip import wireup
wireup.db()
gittip.RESTRICTED_USERNAMES = []
from gittip.models import Participant
for line in open("foo"):
username = line.strip()
participant = Participant.query.get(username)
participant.change_username('_' + username)
print participant.username |
|
Okay! Deployed! Time to follow up with affected users. |
This was on there so we could populate the column initially. It's a bug if the application layer doesn't inserts new participant rows without this column set.
|
Dear @chase @encukou @erikrose @floft @JerrySievert @jiaaro @joelmccracken @limeburst @Lothiraldan @toomore, Greetings! I'm paging you because you have two Gittip accounts with the same username but just different casing. Sorry about that! I've cleaned up usernames so they're now case insensitive. The second account you created has been renamed, so you now have:
Here is how to fix up your situation:
You can scroll up for full details on this issue. Drop a line if something is amiss! :) |
|
Let's see how well that does. If we have any stragglers tomorrow I'll reach out on Twitter. |
|
it worked =) On Wed, Apr 10, 2013 at 10:20 PM, Chad Whitacre [email protected]:
|
|
Apparently. |
|
@joelmccracken Sweet! :) I actually see a 500 from you, investigating that ... |
|
Credit card and giving did not follow though |
|
Yeah I wanted to seeeee what would happen, refreshed, got a 500. So. On Wed, Apr 10, 2013 at 10:26 PM, Chad Whitacre [email protected]:
|
|
@joelmccracken Okay, fix deployed and db repaired (for that 500). |
|
@JerrySievert D'oh! Yeah, Balanced accounts don't survive merges yet. :( #818 Re: Giving. I show you giving to one person. Is that not expected? |
|
That is expected but my credit card info disappeared. Is that normal? |
|
@JerrySievert The credit card disappearing is a known bug: #818. Let me see what I can do ... |
|
@whit537, https://www.gittip.com/ReadTheDOCS/public.json gives error. Is that intentional, or are you planning to make it work in that case too? |
We were instantiating Participant directly in public.json. This updates it to use get_participant.
|
Good catch, @shurcooL. Try now? https://www.gittip.com/ReadTheDOCS/public.json Should redirect. |
|
@JerrySievert Your card should be fixed up, per #818. |
|
I'll get over it. |
|
@DeviaVir You should be able to change your username on Gittip. There should be an "Edit" button on your profile page. |
Sure seems like someone shouldn't be able to create a Whit537 account that's different from whit537. But how does this interact with Unicode? Casing is one kind of spoof attack. How hard are we going to try to protect against spoof attacks? Isn't that just a huge can of worms?
The text was updated successfully, but these errors were encountered: