Allow usernames and groupnames of length 1

Fixes #204

src/groups.js

@@ -60,7 +60,7 @@ GroupError.NOT_ALLOWED = 'Not Allowed';
 function validateGroupname(name) {
     assert.strictEqual(typeof name, 'string');
 
-    if (name.length < 2) return new GroupError(GroupError.BAD_FIELD, 'name must be atleast 2 chars');
+    if (name.length < 1) return new GroupError(GroupError.BAD_FIELD, 'name must be atleast 1 char');
     if (name.length >= 200) return new GroupError(GroupError.BAD_FIELD, 'name too long');
 
     if (constants.RESERVED_NAMES.indexOf(name) !== -1) return new GroupError(GroupError.BAD_FIELD, 'name is reserved');

src/routes/user.js

@@ -42,7 +42,7 @@ function create(req, res, next) {
     var password = generatePassword();
     var email = req.body.email;
     var sendInvite = req.body.invite;
-    var username = req.body.username || '';
+    var username = 'username' in req.body ? req.body.username : null;
     var displayName = req.body.displayName || '';
 
     user.create(username, password, email, displayName, auditSource(req), { invitor: req.user, sendInvite: sendInvite }, function (error, user) {

src/test/groups-test.js

@@ -54,7 +54,7 @@ describe('Groups', function () {
     after(cleanup);
 
     it('cannot create group - too small', function (done) {
-        groups.create('a', function (error) {
+        groups.create('', function (error) {
             expect(error.reason).to.be(GroupError.BAD_FIELD);
             done();
         });

src/test/user-test.js

@@ -162,7 +162,7 @@ describe('User', function () {
         });
 
         it('fails due to short username', function (done) {
-            user.create('Z', PASSWORD, EMAIL, DISPLAY_NAME, AUDIT_SOURCE, function (error, result) {
+            user.create('', PASSWORD, EMAIL, DISPLAY_NAME, AUDIT_SOURCE, function (error, result) {
                 expect(error).to.be.ok();
                 expect(result).to.not.be.ok();
                 expect(error.reason).to.equal(UserError.BAD_FIELD);

src/user.js

@@ -89,10 +89,8 @@ UserError.BAD_TOKEN = 'Bad token';
 // keep this in sync with validateGroupname
 function validateUsername(username) {
     assert.strictEqual(typeof username, 'string');
-    // allow empty usernames
-    if (username === '') return null;
 
-    if (username.length <= 1) return new UserError(UserError.BAD_FIELD, 'Username must be atleast 2 chars');
+    if (username.length < 1) return new UserError(UserError.BAD_FIELD, 'Username must be atleast 1 char');
     if (username.length >= 200) return new UserError(UserError.BAD_FIELD, 'Username too long');
 
     if (constants.RESERVED_NAMES.indexOf(username) !== -1) return new UserError(UserError.BAD_FIELD, 'Username is reserved');
@@ -129,7 +127,7 @@ function validateDisplayName(name) {
 }
 
 function createUser(username, password, email, displayName, auditSource, options, callback) {
-    assert.strictEqual(typeof username, 'string');
+    assert(username === null || typeof username === 'string');
     assert.strictEqual(typeof password, 'string');
     assert.strictEqual(typeof email, 'string');
     assert.strictEqual(typeof displayName, 'string');
@@ -144,16 +142,18 @@ function createUser(username, password, email, displayName, auditSource, options
         sendInvite = options && options.sendInvite ? true : false,
         owner = options && options.owner ? true : false;
 
-    // We store usernames and email in lowercase
-    username = username.toLowerCase();
-    email = email.toLowerCase();
+    var error;
 
-    var error = validateUsername(username);
-    if (error) return callback(error);
+    if (username !== null) {
+        username = username.toLowerCase();
+        error = validateUsername(username);
+        if (error) return callback(error);
+    }
 
     error = validatePassword(password);
     if (error) return callback(new UserError(UserError.BAD_FIELD, error.message));
 
+    email = email.toLowerCase();
     error = validateEmail(email);
     if (error) return callback(error);
 

src/userdb.js

@@ -28,9 +28,6 @@ var USERS_FIELDS = [ 'id', 'username', 'email', 'password', 'salt', 'createdAt',
 function postProcess(result) {
     assert.strictEqual(typeof result, 'object');
 
-    // The username may be null or undefined in the db, let's ensure it is a string
-    result.username = result.username || '';
-
     return result;
 }
 
@@ -129,7 +126,7 @@ function getAllAdmins(callback) {
 
 function add(userId, user, callback) {
     assert.strictEqual(typeof userId, 'string');
-    assert.strictEqual(typeof user.username, 'string');
+    assert(user.username === null || typeof user.username === 'string');
     assert.strictEqual(typeof user.password, 'string');
     assert.strictEqual(typeof user.email, 'string');
     assert.strictEqual(typeof user.salt, 'string');
@@ -139,7 +136,7 @@ function add(userId, user, callback) {
     assert.strictEqual(typeof user.displayName, 'string');
     assert.strictEqual(typeof callback, 'function');
 
-    var data = [ userId, user.username || null, user.password, user.email, user.salt, user.createdAt, user.modifiedAt, user.resetToken, user.displayName ];
+    var data = [ userId, user.username, user.password, user.email, user.salt, user.createdAt, user.modifiedAt, user.resetToken, user.displayName ];
     database.query('INSERT INTO users (id, username, password, email, salt, createdAt, modifiedAt, resetToken, displayName) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)', data, function (error, result) {
         if (error && error.code === 'ER_DUP_ENTRY') {
             var msg = error.message;
@@ -208,8 +205,8 @@ function update(userId, user, callback) {
         fields.push(k + ' = ?');
 
         if (k === 'username') {
-            assert.strictEqual(typeof user.username, 'string');
-            args.push(user.username || null);
+            assert(user.username === null || typeof user.username === 'string');
+            args.push(user.username);
         } else if (k === 'email') {
             assert.strictEqual(typeof user.email, 'string');
             args.push(user.email);