User registration username selection

Bug #1720237 reported by Cecilia Vela Gurovic on 2017-09-28
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Cecilia Vela Gurovic

Bug Description

When we have user registration allowed for an institution and a new user is registered with empty "first name" and empty "last name", then the system generates a new "username" that is a number. See image attached.
We need to change it to a word plus a number, like for example 'user1', 'user4', 'user56'.

Changed in mahara:
status: New → Confirmed
importance: Undecided → Medium

Cecilia, can you please provide the test scenario? When you have self-registration turned on, first name and last name are required fields.

Changed in mahara:
status: Confirmed → In Progress
Changed in mahara:
milestone: none → 18.04.0

It wouldn't have been an empty first name or last name as you do need to enter something but rather when the first name and last name are stripped of potential XSS.

Niranjan (niranjan528) wrote :


Bug description: Adding default user name to use in registration

Environment to be tested: Master
Browser to be tested: Any browser

1. An Institution admin user ‘Inst one’ should exist.
2. Make sure to allow emails by changing the config file to "$cfg->sendemail = true;"
3. Save the config file by making changes to "$cfg->sendallemailto = '<valid email>';"

Note: ‘Valid email’ here is your personal email address.

Steps to reproduce:

1. Log in as ‘Inst one’.
2. Navigate to Administration menu > Institutions > Settings.
3. Click the ‘Settings’ button for ‘Institution one’.
4. Switch ‘Registration allowed’ to ‘Yes’.
5. Switch ‘Confirm registration’ to ‘No’.
6. Click the ‘Submit’ button.
7. Log out from the ‘Inst admin’ user.
8. Click the ‘Register’ link on the Mahara login screen.
9. Enter ‘First name’ & ‘Last name’ with the text ‘<script>alert(1)</script>’.
10. Enter the email that is used at the precondition 3 under ‘Email address’.
11. Click the ‘Register’ button.

Expected result: Registration email with sign-up link should be sent.

12. Click the ‘Registration link’ that is sent to the email.

Expected result: ‘New username’ field should fill with text as ‘user’ by default.

13. Enter the ‘New password’ & ‘Confirm password’.
14. Enter the ‘First name’ & ‘Last name’.
15. Click the ‘Submit’ button.

Expected result: The user should log in successfully and the text ‘Your new password has been saved’ should be displayed on the screen.

16. Log out of the user.
17. Repeat steps 8 to 12 but make sure to use different email at step 10.

Expected result: ‘New username’ field should fill with text as ‘user1’ by default.

Note: By repeating steps 8 to 12 the default 'New username' should be incremented by one, for example user2, user3, and user4.

Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 1af48e445a33c4f54c3d0cf017fce5e77c82e989
Author: Cecilia Vela Gurovic <email address hidden>
Date: Tue Nov 7 17:09:15 2017 +1300

Bug 1720237: adding default username to use in registration

for the case where user's firstname and lastname are empty
and can't be used to generate a username.


Change-Id: I71aeffbf4c9bbf7f46c09c54ea16d9ef8642ca5c

Robert Lyon (robertl-9) on 2017-11-09
Changed in mahara:
status: In Progress → Fix Committed
Robert Lyon (robertl-9) on 2018-04-05
Changed in mahara:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Bug attachments