Remove username rules and allow to change it in profile

[Boy132]

There is no reason to restrict the username or to not allow users to edit theirs.

#FreeUsername

[coderabbitai]

📝 Walkthrough

Walkthrough

The change set removes the custom Username validation rule and its tests, relaxes username validation across the app, makes the username editable on the Edit Profile page, adjusts related Filament form field options, and updates an icon. No public API signatures were changed.

Changes

Cohort / File(s)	Summary
Remove custom Username rule and tests app/Rules/Username.php, tests/Unit/Rules/UsernameTest.php	Deleted the custom App\Rules\Username validator and its unit tests.
Model validation updates app/Models/User.php	Removed import and usage of App\Rules\Username; username now uses base rules (required, length, unique).
Admin UserResource form updates app/Filament/Admin/Resources/Users/UserResource.php	Dropped alphaNum() and minLength(3) from username field; kept required(), unique(), maxLength(255).
Edit Profile UI and field behavior app/Filament/Pages/Auth/EditProfile.php	Changed account tab icon (tabler-user → tabler-user-cog). Made username field editable and required with maxLength(255) and unique(). Adjusted password field dehydration callbacks (no explicit type hints), behavior unchanged.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor U as User
  participant EP as EditProfile Page
  participant V as Validator
  participant DB as Database

  U->>EP: Open Edit Profile
  EP-->>U: Show editable username & password fields

  U->>EP: Submit form
  EP->>V: Validate inputs
  note right of V: Username: required + unique + maxLength(255)<br/>(custom rule & alphaNum/minLength removed)
  V-->>EP: Validation result

  alt Valid
    EP->>EP: Hash password if provided
    EP->>DB: Update user record
    DB-->>EP: Persisted
    EP-->>U: Success response
  else Invalid
    EP-->>U: Show validation errors
  end

Loading

Pre-merge checks (3 passed)

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The title directly and succinctly summarizes the primary change—removing username validation rules and enabling username edits in the profile—making it clear, concise, and relevant to the changeset.
Description Check	✅ Passed	The description states the rationale for the change (lifting username restrictions and allowing users to edit their usernames) and is directly related to the changeset, satisfying the lenient criteria for this check.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

Tip

👮 Agentic pre-merge checks are now available in preview!

Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.

• Built-in checks – Quickly apply ready-made checks to enforce title conventions, require pull request descriptions that follow templates, validate linked issues for compliance, and more.
• Custom agentic checks – Define your own rules using CodeRabbit’s advanced agentic capabilities to enforce organization-specific policies and workflows. For example, you can instruct CodeRabbit’s agent to verify that API documentation is updated whenever API schema files are modified in a PR. Note: Upto 5 custom checks are currently allowed during the preview period. Pricing for this feature will be announced in a few weeks.

Please see the documentation for more information.

Example:

reviews:
  pre_merge_checks:
    custom_checks:
      - name: "Undocumented Breaking Changes"
        mode: "warning"
        instructions: |
          Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).

Please share your feedback with us on this Discord post.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[rmartinoscar]

Wings won't be able to parse them for sftp

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

app/Filament/Pages/Auth/EditProfile.php (1)

114-116: Guard against whitespace-only passwords and avoid hashing blanks

Minor hardening: treat whitespace-only input as empty and trim before hashing.

Apply this diff:

-                                    ->dehydrated(fn ($state) => filled($state))
-                                    ->dehydrateStateUsing(fn ($state) => Hash::make($state))
+                                    ->dehydrated(fn ($state) => is_string($state) && filled(trim($state)))
+                                    ->dehydrateStateUsing(fn ($state) => Hash::make(trim((string) $state)))

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8f1ec20 and 7700f05.

📒 Files selected for processing (5)

• app/Filament/Admin/Resources/Users/UserResource.php (0 hunks)
• app/Filament/Pages/Auth/EditProfile.php (3 hunks)
• app/Models/User.php (0 hunks)
• app/Rules/Username.php (0 hunks)
• tests/Unit/Rules/UsernameTest.php (0 hunks)

💤 Files with no reviewable changes (4)

• app/Models/User.php
• tests/Unit/Rules/UsernameTest.php
• app/Filament/Admin/Resources/Users/UserResource.php
• app/Rules/Username.php

🔇 Additional comments (4)

app/Filament/Pages/Auth/EditProfile.php (4)

92-92: Icon change looks good

Semantic improvement for the Account tab.

---

94-100: Make username unique() ignore the current record

File: app/Filament/Pages/Auth/EditProfile.php (≈ lines 94–100)

Use ignoreRecord so updating without changing the username doesn't fail validation.

-                                TextInput::make('username')
+                                TextInput::make('username')
                                     ->prefixIcon('tabler-user')
                                     ->label(trans('profile.username'))
                                     ->required()
                                     ->maxLength(255)
-                                    ->unique(),
+                                    ->unique(ignoreRecord: true),

• Mirror the same change for the email field if not already handled.
• Confirm a DB-level unique index exists on users.username (and users.email); repo search returned no files so this could not be auto-verified.

---

94-100: ```shell
#!/bin/bash
set -euo pipefail

echo "pwd: $(pwd)"
echo "rg version: $(rg --version 2>/dev/null || echo 'rg not found')"
echo

echo "== 1) occurrences of 'username' (context 3 lines) =="
rg -uu -n -H -C3 --hidden '\busername\b' || true

echo
echo "== 2) raw/unescaped patterns (HtmlString, ->htmlable, raw(, {!!, @php) =="
rg -uu -n -H -C3 --hidden -P "(HtmlString(|->htmlable(|\braw(|{!!|@php|->toHtmlString(|->toHtml()" || true

echo
echo "== 3) route/url usages referencing username in path/params or route/url calls =="
rg -uu -n -H -C3 --hidden -P "(/users/{username}|/{username}|route([^)]username|url([^)]username|href\s=\s['"][^'\"]*username)" || true

echo
echo "== 4) getRouteKeyName / routeKeyName occurrences =="
rg -uu -n -H -C3 --hidden '\bgetRouteKeyName\b|\brouteKeyName\b' || true

echo
echo "== 5) migrations / schema username column definitions =="
rg -uu -n -H -C3 --hidden -P "Schema::create(|$table->string(\s*['"]username['"]" || true

echo
echo "== 6) blade unescaped prints (search for {!! and username) =="
rg -uu -n -H -C3 --hidden '{!!' || true
echo "---- now show only {!! lines that include 'username' ----"
rg -uu -n -H --hidden -S '{!!' | rg -F 'username' -n -H || true

echo
echo "== 7) file under review: app/Filament/Pages/Auth/EditProfile.php =="
if [ -f app/Filament/Pages/Auth/EditProfile.php ]; then
sed -n '1,240p' app/Filament/Pages/Auth/EditProfile.php
else
echo "MISSING: app/Filament/Pages/Auth/EditProfile.php"
fi

---

`124-125`: **Make `required()` conditional on password visibility**

Filament v3 still runs server-side validation for hidden fields marked `required()`. Bind `required()` to the same predicate as `visible()` to avoid validation errors.

File: app/Filament/Pages/Auth/EditProfile.php — lines 124-125

```diff
-                                    ->required()
-                                    ->visible(fn (Get $get) => filled($get('password')))
+                                    ->required(fn (Get $get) => filled($get('password')))
+                                    ->visible(fn (Get $get) => filled($get('password')))

Likely an incorrect or invalid review comment.

[Boy132]

Wings won't be able to parse them for sftp

It works fine. :) Even something more crazy like admin#@/-$ works.

[Leon-JavaScript]

Will is be possible for admins to restrict users being able to change their own username? (like with the server description)
I think some people want to have clean username lists (or even specific username patterns) e.g. when using the panel with an external system.