Dependency on password generator can lead to invalid usernames ("The username contains an illegal character.")

Here's a patch for 8.x-1.x to implement the second option. Looking at the 2.x branch, the code for generating a temp username is exposed as a service, which would suggest the first option might be an easier fix - just remove the password generator dependency and implement a hash function in the service itself.

Regardless, this patch should get you by if you have genpass 2.x with email registration 8.x-1.x and need to get things working.

This is the exact same issue that Automatic User Names ran into 🐛 Error message The username contains an illegal character. Needs review .

The solution I put forward there was to use something which is guaranteed to always return valid characters, such as the UUID service; "A 16 byte integer represented as a hex string formatted with 4 hyphens". The password generator has always been able to be overridden to include more characters so it's not a good choice for having an always predictable output. Genpass is now doing this override so that all site passwords are generated the same.

eg. email_registration_44ebd242-37d9-409f-9331-34daa404676d

Here's the code put forward for auto_username

-  $form['account']['name']['#value'] = \Drupal::service('password_generator')->generate();
+  // Use uuid service to generate a temporary name that is guaranteed to pass
+  // Drupal core's UserNameConstraintValidator. The password_generator service
+  // can be replaced or decorated to make more secure passwords, while a UUID
+  // is always generated according to RFC 4122.
+  // eg f42fd056-1b53-431c-b09a-210c6b1fb1b0
+  $form['account']['name']['#value'] = \Drupal::service('uuid')->generate();

The 2.x branch still uses password_generate service in it's own service to suffix 'email_registration_' with a password. Attached is a patch to use uuid for that too.

Max username length is 60 characters. Uuid is 36. 'email_registration_' is 19 for a total of 55. Probably don't need to prefix the username but it does assist in tracking down which module was responsible for it. Also not a high security situation, so a subset of the end portion of the uuid could be used instead, eg email_registration_34daa404676d from the example above.

Thanks for the report.

Just ran into this myself in a project. The message shown to the user is:

The username contains an illegal character.

The quickfix is to disable Genpass service replacement at admin/config/people/accounts!

As this may unexpectedly block registrations and is hard to find, I'm setting the priority "Major" and will have a look at the possible solutions now.

@ELC

You wrote:

Max username length is 60 characters. Uuid is 36. 'email_registration_' is 19 for a total of 55. Probably don't need to prefix the username but it does assist in tracking down which module was responsible for it. Also not a high security situation, so a subset of the end portion of the uuid could be used instead, eg email_registration_34daa404676d from the example above.

As we're 5 below 60, is there any issue with the proposed solution? I'm wondering why we'd need to change that?

PS: MR's are preferred :)

Prepared MR's from #3

Failing tests are caused by 🐛 Fix No tests found in class "Drupal\Tests\email_registration\Functional\EmailRegistrationFunctionalTestBase". Needs review and are unrelated.

As I changed no code, just created a MR from #3 by @ELC I'm setting this RTBC myself.

Merged into dev in both version, please have a try before we tag a new rc3.

Tagged new 8.x-1.4 and 2.0.0-rc3 releases with this fix!

Automatically closed - issue fixed for 2 weeks with no activity.