[Zope-dev] Adding user: Id check?

[Ignacio Dosil Lago]

On Viernes 23 Mayo 2003 14:06, Clemens Robbenhaar wrote:
> Ignacio Dosil Lago writes:
>  >    Hi all,
>  >    I wanted to add a new user to Zope, so I copied it's login name from
>  > a document and pasted it into the user add form.
>  >   That login name included strange characters which I couldn't see.
>  >   Now I can't remove that user!!
>
>  [..]
>
>  If I understand the code in lib/python/AccessControl/User.py correctly
> there is no "valid id" check or the like for users.
>
>  Wouldn't this make sense? As the user name has to be sent via an
> http-header to login as this user, maybe one could limit the allowed
> names to strings which may be send as valid http header.
>  (I.e. creating a user with a ':' seems to be pointless, if using
> basic http-auth. Hm, but people using a Cookie-based login may argue
> differntly.)
>
>  However so far I have not been able to create a user which I could not
> delete afterwards. It would be interesting to know what characters do
> trigger this issue ...
>
> Cheers,
> Clemens
>

  This is what happened:
  I use kmail as my mail client. I selected the login name from it and,
somehow, as it was at the end of a line I moved the mouse and selected the 
next line too.
  I decided to copy and paste it all into the Zope add user form. Only
the second line appeared, so I selected and deleted it all. Then the first 
line appeared into the login name field, I mean the user name, so I added 
that user without realizing that it included two special characters (hex) in 
its user name: A (new line) and D (carriage return).
  Of course, I couldn't log in as that user, so I decided to delete and
readd that user. It wasn't possible to remove it. Zope answer was that it 
found a KeyError with the login name.
  You may reproduce it and remove that user with the solution Adrian van den 
Dries gave me.