From 48067dc89662032b74dbcf42a402456e10d357c1 Mon Sep 17 00:00:00 2001
From: Michael Eischer
Date: Sat, 12 Feb 2022 19:57:13 +0100
Subject: [PATCH] htpasswd: allow underscores in usernames
---
 changelog/unreleased/issue-182 | 8 ++++++++
 htpasswd.go | 4 ++--
 2 files changed, 10 insertions(+), 2 deletions(-)
 create mode 100644 changelog/unreleased/issue-182
diff --git a/changelog/unreleased/issue-182 b/changelog/unreleased/issue-182
new file mode 100644
index 0000000..8771641
--- /dev/null
+++ b/changelog/unreleased/issue-182
@@ -0,0 +1,8 @@
+Bugfix: Allow usernames containing underscore
+
+The security fix in rest-server 0.11.0 (#131) disallowed usernames containing
+and underscore "_". We have changed the list of allowed characters to now include
+unicode characters, numbers, "_", "-", "." and "@".
+
+https://github.com/restic/restic/issues/183
+https://github.com/restic/restic/pull/184
diff --git a/htpasswd.go b/htpasswd.go
index c009c99..334ef97 100644
--- a/htpasswd.go
+++ b/htpasswd.go
@@ -100,7 +100,7 @@ func (h *HtpasswdFile) throttleTimer() {
 }
 }
-var validUsernameRegexp = regexp.MustCompile(`^[\p{L}\d@.-]+$`)
+var validUsernameRegexp = regexp.MustCompile(`^[\p{L}\d@._-]+$`)
 // Reload reloads the htpasswd file. If the reload fails, the Users map is not changed and the error is returned.
 func (h *HtpasswdFile) Reload() error {
@@ -122,7 +122,7 @@ func (h *HtpasswdFile) Reload() error {
 users := make(map[string]string)
 for _, record := range records {
 if !validUsernameRegexp.MatchString(record[0]) {
- log.Printf("Ignoring invalid username %q in htpasswd, consists of characters other than letters", record[0])
+ log.Printf("Ignoring invalid username %q in htpasswd, consists of characters other than letters, numbers, '_', '-', '.' and '@'", record[0])
 continue
 }
 users[record[0]] = record[1]
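Review bot: The widened class on the `validUsernameRegexp` line still accepts names made only of punctuation, such as `.`, `..` or `-`, because `+` requires just one character from the set. The changelog ties this check to a security fix, so if usernames are used as path components elsewhere (not visible in this hunk) it would be safer to require at least one letter or digit, e.g. by also testing `regexp.MustCompile(`[\p{L}\d]`).MatchString(record[0])` in Reload. A comment on the pattern would help the next editor: `// '-' must stay last in the class so it is a literal, not a range; \d is ASCII-only, \p{L} is any Unicode letter.` The diffstat shows only the changelog and htpasswd.go changed, so a small table test with `a_b`, `a/b` and `..` would pin the intended set.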
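Review bot: The character list in the new `log.Printf` message repeats by hand what `validUsernameRegexp` encodes, and the removed message shows the two had already drifted apart (it said "other than letters" while digits, `@`, `.` and `-` were accepted). Keeping the description next to the pattern, e.g. `const validUsernameDesc = "letters, numbers, '_', '-', '.' and '@'"`, and formatting it into the message with `%s` would make them change together. Rejected entries are only logged and skipped, so this message is the operator's sole hint as to why an account cannot authenticate. Reload starts above this hunk and continues past its last line.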