id	summary	reporter	owner	description	type	status	priority	milestone	component	resolution	keywords	cc	parents
5414	Login-validator arbitrary and capricious	mi		"Using `gmg adduser` I created an account for myself named ""mi"". However, when I tried to login using it, I was told, the login-field `must be between 3 and 30 characters long.`

This is wrong on many levels:
. The authenticator should not be verifying the length of submitted login and password at all. Such checks might be appropriate for a new account-creation, but I was logging-in, not creating account.
. Even if you disagree with the above, `gmg adduser` should've rejected the name as too short instead.
. Not only is the lower limit of 3 too high -- a family installation can easily have ''one''-letter accounts, the upper limit of 30 is too low as well. Though over 30 is unusual for an account-name, an e-mail address can easily exceed 30 characters.

I was able to login using my e-mail address instead of username, but this needs fixing (along with `tests/test_auth.py`)."	defect	closed	minor		programming	fixed