How much can one extra space cost?

A curious and, at the same time, very painful thing happened to us.
We have many registered customers, and many of them have never logged into the system.

It is useless to write to clients about this kind of thing: few offended clients will explain why they were offended.
So we made the effort and simply started calling everyone to ask why they had not logged in.
The answer was almost the same for everyone:
- We were unable to enter the login and password.

The result of the investigation left everyone in deep shock.

To understand the reason, we found loyal customers among those who had never been able to log in, and reproduced the entire sequence of events down to the smallest detail.
The authorization form is configured so that if the user enters the wrong character in the "login" field, the system displays a message about this and does not allow the user to leave this field until the error is fixed. By this logic, the user always understands which character was entered incorrectly.

The login and password for access to the system were sent by e-mail. People copied the username from the e-mail and, along with it, copied an extra space at the end!

That is, if there is a space in the login field, the system does not release focus, and in the end people could not even start entering a password.

This problem lasted about 3-4 months. At a rough estimate, given that approximately 120-150 people who wanted to pay for the service simply could not log in and were seriously offended, this flaw cost us about 500 thousand rubles, plus or minus 90 thousand rubles.

There were two problems:
1. There was an extra space in the email notification template after the login:
Логин для входа: %3$s
The problem is right here: "%3$s "
We solved this simply by editing the template. Now no extra space gets picked up on copy-paste.

2. In the authorization form, there was no handling for input strings containing invalid characters.
To solve this, we decided to do the following: before validation, first trim the string, then use a regular expression to strip out everything that may interfere. By the time the login itself is verified (and the email is used as the login), we have a completely cleaned string. The validator's task is then to assess whether it looks like an email and whether it is in our database.

That is, the string is first normalized and only then validated. We decided to implement this approach everywhere. Validators of all forms and input fields were given preliminary normalization functions, depending on the data type of course.
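
The normalize-then-validate order described above, as an added JavaScript example (not the site's own code). The function names, the character set in the pattern and the sample account are assumptions made for illustration; logins are assumed to be plain email addresses with no quoted local part.

```javascript
// Added example; function and variable names are hypothetical.

// Characters assumed never to belong in an email login: whitespace (JS \s
// also covers NBSP and BOM), control characters, soft hyphen, zero-width
// and bidi marks.
const INTERFERING = /[\s\u0000-\u001F\u007F\u00AD\u200B-\u200F\u202A-\u202E\u2060]/g;

// Deliberately loose shape check; the database lookup is the real test.
const EMAIL_SHAPE = /^[^@]+@[^@]+\.[^@]+$/;

// Step 1: normalization. Trim first, then strip what may interfere.
function normalizeLogin(raw) {
  return String(raw).trim().replace(INTERFERING, '');
}

// Step 2: validation, only ever run on the normalized string.
// `reason` is for logs and for choosing a field hint; keep the wording shown
// to an unauthenticated visitor generic for 'unknown-login'.
function validateLogin(raw, knownLogins) {
  const login = normalizeLogin(raw);
  if (login === '') return { ok: false, login, reason: 'empty' };
  if (!EMAIL_SHAPE.test(login)) return { ok: false, login, reason: 'not-an-email' };
  if (!knownLogins.has(login)) return { ok: false, login, reason: 'unknown-login' };
  return { ok: true, login, reason: null };
}

// Constructed sample data: one account and several pasted inputs.
const accounts = new Set(['client@example.com']);
const pasted = [
  'client@example.com ',            // trailing space copied from the e-mail
  '\u00A0client@example.com\u200B', // NBSP and zero-width space from a mail client
  'client@example.com\r\n',         // line break picked up by the selection
  'client.example.com',             // genuinely malformed
  'other@example.com',              // well-formed but not registered
];
for (const raw of pasted) {
  const r = validateLogin(raw, accounts);
  console.log(JSON.stringify(raw), '->', r.ok ? 'ok' : r.reason);
}
```

The first three inputs differ from the stored login only by invisible characters and are accepted after normalization; the last two are rejected with distinct reasons, which is what lets the form show a message that names the actual problem.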

All members of the development team have been working on the web for at least 10 years. All the more stupid we looked in our own eyes.
The situation would never have arisen if there had been no extra space in the notification template, or if the authorization form had shown a more informative message that stated the exact reason for the error.

Perhaps our sad example will prove useful to someone.
