github-starred/better-auth
2
0
Fork 0
mirror of https://github.com/better-auth/better-auth.git synced 2026-05-23 07:18:56 -05:00
Code Issues 2.5k Packages Projects Releases 112 Wiki Activity

[PR #6679] feat(username): add username normalization from display username #6819

New Issue
Open
opened 2026-03-13 13:12:50 -05:00 by GiteaMirror · 0 comments
GiteaMirror commented 2026-03-13 13:12:50 -05:00
Owner
Copy Link

📋 Pull Request Information

Original PR: https://github.com/better-auth/better-auth/pull/6679
Author: @Bekacru
Created: 12/10/2025
Status: 🔄 Open

Base: canaryHead: fix/username-check

📝 Commits (7)

  • 73beae4 feat(username): add username normalization from display username
  • 2dca68e merge
  • a646f30 Update packages/better-auth/src/plugins/username/index.ts
  • 84d7059 Update packages/better-auth/src/plugins/username/index.ts
  • 7df56bd Update packages/better-auth/src/plugins/username/index.ts
  • 39a9f30 Update packages/better-auth/src/plugins/username/index.ts
  • 2a7cf60 Merge branch 'canary' into fix/username-check

📊 Changes

3 files changed (+29 additions, -2 deletions)

View changed files

📝 packages/better-auth/src/plugins/username/index.ts (+25 -1)
📝 packages/better-auth/src/plugins/username/username.test.ts (+2 -1)
📝 packages/passkey/src/routes.ts (+2 -0)

📄 Description

Summary by cubic

Adds username normalization when deriving username from displayUsername, and deletes passkey challenges after successful registration/authentication to prevent replay attacks.

  • New Features

    • Derive username from displayUsername with spaces replaced by a configurable character (default "_") and configurable normalization (default toLowerCase).
    • Validate length and format using displayUsernameValidator (if provided) or usernameValidator; prevent XSS.
    • Enforce uniqueness on sign-up and update-user.

  • Bug Fixes

    • Remove passkey verification challenges after successful registration and authentication to stop replay attacks.

Written for commit 2a7cf60706. Summary will update automatically on new commits.

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/better-auth/better-auth/pull/6679 **Author:** [@Bekacru](https://github.com/Bekacru) **Created:** 12/10/2025 **Status:** 🔄 Open **Base:** `canary` ← **Head:** `fix/username-check` --- ### 📝 Commits (7) - [`73beae4`](https://github.com/better-auth/better-auth/commit/73beae45fb9e0ee10b51a6b0879a7dfb6e9d6c9f) feat(username): add username normalization from display username - [`2dca68e`](https://github.com/better-auth/better-auth/commit/2dca68e9eb083cc3415f6b70342b772bf2cb666e) merge - [`a646f30`](https://github.com/better-auth/better-auth/commit/a646f30febb26dba6ae014dfab0bd10a57816b24) Update packages/better-auth/src/plugins/username/index.ts - [`84d7059`](https://github.com/better-auth/better-auth/commit/84d705914b44d7fa380d6f8ebc4ce1fa45e9cceb) Update packages/better-auth/src/plugins/username/index.ts - [`7df56bd`](https://github.com/better-auth/better-auth/commit/7df56bd2e89741e3de924e820918b8bfa86501b9) Update packages/better-auth/src/plugins/username/index.ts - [`39a9f30`](https://github.com/better-auth/better-auth/commit/39a9f30b112ee6878978c1278b9b5ec6adb339a3) Update packages/better-auth/src/plugins/username/index.ts - [`2a7cf60`](https://github.com/better-auth/better-auth/commit/2a7cf607061e42d2988b77331a37b92cd6556468) Merge branch 'canary' into fix/username-check ### 📊 Changes **3 files changed** (+29 additions, -2 deletions) <details> <summary>View changed files</summary> 📝 `packages/better-auth/src/plugins/username/index.ts` (+25 -1) 📝 `packages/better-auth/src/plugins/username/username.test.ts` (+2 -1) 📝 `packages/passkey/src/routes.ts` (+2 -0) </details> ### 📄 Description <!-- This is an auto-generated description by cubic. --> ## Summary by cubic Adds username normalization when deriving username from displayUsername, and deletes passkey challenges after successful registration/authentication to prevent replay attacks. - **New Features** - Derive username from displayUsername with spaces replaced by a configurable character (default "_") and configurable normalization (default toLowerCase). - Validate length and format using displayUsernameValidator (if provided) or usernameValidator; prevent XSS. - Enforce uniqueness on sign-up and update-user. - **Bug Fixes** - Remove passkey verification challenges after successful registration and authentication to stop replay attacks. <sup>Written for commit 2a7cf607061e42d2988b77331a37b92cd6556468. Summary will update automatically on new commits.</sup> <!-- End of auto-generated description by cubic. --> --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-03-13 13:12:50 -05:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
adapter
astro
awaiting external contributor
blocked
breaking
breaking change
bug
c-devops
core
credentials
database
dependencies
devops
devtools
docs
documentation
duplicate
elysia
enhancement
enterprise
expo
express
fastify
good first issue
help wanted
hono
identity
infra
integration
invalid
javascript
locked
maintenance
need-more-information
needs: info
needs: repro
nextjs
nuxt
oauth
organization
P0
payments
perf
platform
plugin
pull-request
Mirrored from GitHub Pull Request
 question
ready
regression
remix
security
social-provider
solid
stale
svelte
tanstack-start
tracking
version-bump
vue
wontfix
No Label pull-request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/better-auth#6819
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?