Stowage/rest-server
2
0
Fork 0
mirror of https://github.com/restic/rest-server.git synced 2025-10-19 07:33:21 +00:00
Code Issues Projects Releases Packages Wiki Activity

htpasswd: allow underscores in usernames

Browse source
This commit is contained in:
Michael Eischer 2022-02-12 19:57:13 +01:00
parent 096ac5a9c8
commit 48067dc896
2 changed files with 10 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

8
changelog/unreleased/issue-182 Normal file
View file

@ -0,0 +1,8 @@
Bugfix: Allow usernames containing underscore
The security fix in rest-server 0.11.0 (#131) disallowed usernames containing
and underscore "_". We have changed the list of allowed characters to now include
unicode characters, numbers, "_", "-", "." and "@".
https://github.com/restic/restic/issues/183
https://github.com/restic/restic/pull/184

4
htpasswd.go
View file

@ -100,7 +100,7 @@ func (h *HtpasswdFile) throttleTimer() {
} }
} }
var validUsernameRegexp = regexp.MustCompile(`^[\p{L}\d@.-]+$`) var validUsernameRegexp = regexp.MustCompile(`^[\p{L}\d@._-]+$`)
// Reload reloads the htpasswd file. If the reload fails, the Users map is not changed and the error is returned. // Reload reloads the htpasswd file. If the reload fails, the Users map is not changed and the error is returned.
func (h *HtpasswdFile) Reload() error { func (h *HtpasswdFile) Reload() error {
@ -122,7 +122,7 @@ func (h *HtpasswdFile) Reload() error {
users := make(map[string]string) users := make(map[string]string)
for _, record := range records { for _, record := range records {
if !validUsernameRegexp.MatchString(record[0]) { if !validUsernameRegexp.MatchString(record[0]) {
log.Printf("Ignoring invalid username %q in htpasswd, consists of characters other than letters", record[0]) log.Printf("Ignoring invalid username %q in htpasswd, consists of characters other than letters, numbers, '_', '-', '.' and '@'", record[0])
continue continue
} }
users[record[0]] = record[1] users[record[0]] = record[1]