#4442 - Option to allow spaces in usernames

- Added option - Added test - Added documentation
inception-project · Jan 22, 2024 · acdcd1c · acdcd1c
1 parent d74e081
commit acdcd1c
Show file tree

Hide file tree

Showing 6 changed files with 46 additions and 4 deletions.
diff --git a/...eption-security/src/main/java/de/tudarmstadt/ukp/clarin/webanno/security/UserDaoImpl.java b/...eption-security/src/main/java/de/tudarmstadt/ukp/clarin/webanno/security/UserDaoImpl.java
@@ -488,8 +488,8 @@ public List<ValidationError> validateUsername(String aName)
         }
 
         // Do not allow space
-        if (containsAnyCharacterMatching(aName, Character::isWhitespace)) {
-            errors.add(new ValidationError("Username cannot contain a space character") //
+        if (containsAnyCharacterMatching(aName, this::isWhitespaceIllegalInUsername)) {
+            errors.add(new ValidationError("Username cannot contain whitespace") //
                     .addKey(MSG_USERNAME_ERROR_ILLEGAL_SPACE));
             return errors;
         }
@@ -552,6 +552,15 @@ public List<ValidationError> validateUsername(String aName)
         return errors;
     }
 
+    private boolean isWhitespaceIllegalInUsername(char ch)
+    {
+        if (securityProperties.isSpaceAllowedInUsername() && ch == ' ') {
+            return false;
+        }
+
+        return Character.isWhitespace((int) ch);
+    }
+
     @Override
     public boolean isValidUsername(String aName)
     {

diff --git a/...y/src/main/java/de/tudarmstadt/ukp/clarin/webanno/security/config/SecurityProperties.java b/...y/src/main/java/de/tudarmstadt/ukp/clarin/webanno/security/config/SecurityProperties.java
@@ -53,4 +53,6 @@ public interface SecurityProperties
     Pattern getUsernamePattern();
 
     Pattern getPasswordPattern();
+
+    boolean isSpaceAllowedInUsername();
 }
diff --git a/...c/main/java/de/tudarmstadt/ukp/clarin/webanno/security/config/SecurityPropertiesImpl.java b/...c/main/java/de/tudarmstadt/ukp/clarin/webanno/security/config/SecurityPropertiesImpl.java
@@ -31,6 +31,7 @@ public class SecurityPropertiesImpl
     private String defaultAdminUsername;
     private String defaultAdminPassword;
     private boolean defaultAdminRemoteAccess = false;
+    private boolean spaceAllowedInUsername = false;
 
     public static final int HARD_MINIMUM_PASSWORD_LENGTH = 0;
     public static final int DEFAULT_MINIMUM_PASSWORD_LENGTH = 8;
@@ -152,4 +153,15 @@ public void setPasswordPattern(Pattern aPasswordPattern)
     {
         passwordPattern = aPasswordPattern;
     }
+
+    @Override
+    public boolean isSpaceAllowedInUsername()
+    {
+        return spaceAllowedInUsername;
+    }
+
+    public void setSpaceAllowedInUsername(boolean aSpaceInUsernameAllowed)
+    {
+        spaceAllowedInUsername = aSpaceInUsernameAllowed;
+    }
 }
diff --git a/...ain/resources/META-INF/asciidoc/admin-guide/security-authentication-policy.adoc b/...ain/resources/META-INF/asciidoc/admin-guide/security-authentication-policy.adoc
@@ -64,6 +64,10 @@ NOTE: In addition to the restrictions imposed here, {product-name} may impose ad
 | `.*`
 | `(?=.\*[a-z])(?=.*[A-Z])(?=.\*[0-9])(?=.*\p{Punct}).*`
 
+| `security.space-allowed-in-username`
+| Whether simple space characters are permitted in usernames. Enable this option only when necessary to restore access to existing accounts in certain scenarios such as when using external authentication. Usernames with spaces may lead to problems e.g. when exporting/importing projects or documents or when constructing certain URLs.
+| `false`
+| `true`
 |===
 
 
diff --git a/...on-security/src/test/java/de/tudarmstadt/ukp/clarin/webanno/security/UserDaoImplTest.java b/...on-security/src/test/java/de/tudarmstadt/ukp/clarin/webanno/security/UserDaoImplTest.java
@@ -45,7 +45,9 @@
 import de.tudarmstadt.ukp.clarin.webanno.security.config.SecurityPropertiesImpl;
 import de.tudarmstadt.ukp.clarin.webanno.security.model.User;
 
-@DataJpaTest(showSql = false)
+@DataJpaTest(showSql = false, //
+        properties = { //
+                "spring.main.banner-mode=off" })
 @EnableAutoConfiguration
 @ImportAutoConfiguration( //
         exclude = { LiquibaseAutoConfiguration.class }, //
@@ -70,6 +72,7 @@ void setup()
         securityProperties.setMaximumUsernameLength(DEFAULT_MAXIMUM_USERNAME_LENGTH);
         securityProperties.setMinimumPasswordLength(DEFAULT_MINIMUM_PASSWORD_LENGTH);
         securityProperties.setMaximumPasswordLength(DEFAULT_MINIMUM_PASSWORD_LENGTH);
+        securityProperties.setSpaceAllowedInUsername(false);
     }
 
     @Test
@@ -121,6 +124,18 @@ void thatUsernamePatternIsRespected()
         assertThat(userDao.isValidUsername("ay")).isFalse();
     }
 
+    @Test
+    void thatAllowingSpaceInUsernameWorks()
+    {
+        securityProperties.setMinimumUsernameLength(0);
+
+        securityProperties.setSpaceAllowedInUsername(false);
+        assertThat(userDao.isValidUsername("a z")).isFalse();
+
+        securityProperties.setSpaceAllowedInUsername(true);
+        assertThat(userDao.isValidUsername("a z")).isTrue();
+    }
+
     @Test
     void thatInvalidDefaultUserNameIsRejected()
     {

diff --git a/.../src/main/java/de/tudarmstadt/ukp/clarin/webanno/ui/core/WicketApplicationBase.properties b/.../src/main/java/de/tudarmstadt/ukp/clarin/webanno/ui/core/WicketApplicationBase.properties
@@ -132,7 +132,7 @@ password.error.pattern-mismatch=Password invalid. It must match the pattern ${pa
 password.error.control-characters=Password cannot contain any control characters
 
 username.error.blank=Username cannot be empty or blank
-username.error.illegal-space=Username cannot contain a space character
+username.error.illegal-space=Username cannot contain whitespace
 username.error.illegal-characters=Username cannot contain any of these characters: ${chars}
 username.error.control-characters=Username cannot contain any control characters
 username.error.reserved=Username is reserved