Username validation during registration should only consider top-level namespaces
Username validation on the registration form checks whether the namespace is not taken by any existing namespace. This check uses the Users#exists
endpoint and is done via a similar query:
SELECT * FROM "namespaces"
WHERE "namespaces"."type" != 'Project' AND (lower(path) = 'awesome-username' OR lower(name) = 'awesome-username')
The problem is that it considers all namespaces, even subgroups. A name taken by a subgroup should not limit the list of available namespaces. As an example, if there is a subgroup with path my-org/best-name-ever
, a new user cannot pick best-name-ever
as a username.
Proposal: only check top-level namespaces in the query, or use the routes
table.
Edited by Imre Farkas