dotnet/aspnetcore

Identity: Message for invalid username does not reflect actual permitted characters.

Open

#39.375 aberto em 7 de jan. de 2022

Ver no GitHub
 (7 comments) (0 reactions) (0 assignees)C# (10.653 forks)batch import
area-identityhelp wanted

Métricas do repositório

Stars
 (37.933 stars)
Métricas de merge de PR
 (Mesclagem média 16d 9h) (258 fundiu PRs em 30d)

Description

Is there an existing issue for this?

  • I have searched the existing issues

Describe the bug

The message for an invalid username is Username '{0}' is invalid, can only contain letters or digits. https://github.com/dotnet/aspnetcore/blob/main/src/Identity/Extensions.Core/src/Resources.resx#L164-L167

However, this message is produced when the username contains any characters not included in AllowedUserNameCharacters, a value which defaults to alphanumeric plus -._@+.

Expected Behavior

At the very least I'd expect the error message reflect what's actually allowed by the defaults. Bonus points if it reflected what's configured by the developer, but this would be quite difficult due to the way that the allowed characters are configured.

Steps To Reproduce

Repro is trivial:

  • In an AspNetCore project w/ Identity, call UserManager<T>.SetUserNameAsync(user, "userName!")
  • Observe that the error states the username can only contain letters and numbers.
  • Change the username to userName@example.com, observe that no error occurs despite containing characters other than letters and numbers as stated by the validation message.

Exceptions (if any)

No response

.NET Version

6.0.101

Anything else?

No response

Guia do colaborador