Validate usernames #19
Conversation
src/lib/validator.ts
Outdated
| * the Gaia URL to any Gaia URL in that user's profile.json | ||
| */ | ||
| async validateUsername(): Promise<boolean> { | ||
| if (!(this.attrs.username && this.gaiaURL)) { |
There was a problem hiding this comment.
When is it possible that the gaiaURL is not set? If it is not set should then username be null so that it is not possible to create a model with a username that is not verified?
There was a problem hiding this comment.
The gaiaURL is set always on the client side if validateUsername is true. This should be updated to also validate for the presence of gaiaURL. Good catch, I'll add to the "todos"
|
Hi all, I've added 2 tasks to add to this PR:
|
hstove
force-pushed
the
feature/validate-usernames
branch
from
1bb4414
to
402b11c
Compare
|
One issue that @leopradel brought up was that this doesn't work well for brand-new Blockstack users. If they just registered a name, and it hasn't propagated yet, then how can we validate the username? One option is to accept User model registrations if they're using a Blockstack ID that does not exist. If it does exist, we'll do the same validation that we do here. |
There is more talks about blockstack ids without username. Whether a username is required should be a validation done on the client of the radiks server, shouldn't ? |
Same holds for invalid usernames that were never registered. I suggest that the server removes |
Feature/validate usernames - validate Gaia url
This PR implements the proposal to validate usernames associated with particular models. If a
usernameis present with a model, then the validator will:profile.jsonassociated with that usernameThis is a somewhat roundabout way of proving ownership of a given name. If you can write to a specific gaia URL, and that gaia URL is in your profile.json, it follows that these users are the same.
cc @moxiegirl, @pradel , @friedger who have expressed interest here.
See stacks-archive/radiks#44 for the front-end code update, which is minimal.
I have published a beta version for testing -
1.1.0-beta.1TODO:
profile.json. Right now, it is done in a very inefficient way, and fetches the profile every time.gaiaURLis present ifusernameis presentvalidateUsernameon all models, unless it has auserGroupId(to preserve group privacy)