htpasswd: allow underscores in usernames

restic · Feb 12, 2022 · 48067dc · 48067dc
1 parent 096ac5a
commit 48067dc
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 2 deletions.
diff --git a/changelog/unreleased/issue-182 b/changelog/unreleased/issue-182
@@ -0,0 +1,8 @@
+Bugfix: Allow usernames containing underscore
+
+The security fix in rest-server 0.11.0 (#131) disallowed usernames containing
+and underscore "_". We have changed the list of allowed characters to now include
+unicode characters, numbers, "_", "-", "." and "@".
+
+https://github.com/restic/restic/issues/183
+https://github.com/restic/restic/pull/184
diff --git a/htpasswd.go b/htpasswd.go
@@ -100,7 +100,7 @@ func (h *HtpasswdFile) throttleTimer() {
 	}
 }
 
-var validUsernameRegexp = regexp.MustCompile(`^[\p{L}\d@.-]+$`)
+var validUsernameRegexp = regexp.MustCompile(`^[\p{L}\d@._-]+$`)
 
 // Reload reloads the htpasswd file. If the reload fails, the Users map is not changed and the error is returned.
 func (h *HtpasswdFile) Reload() error {
@@ -122,7 +122,7 @@ func (h *HtpasswdFile) Reload() error {
 	users := make(map[string]string)
 	for _, record := range records {
 		if !validUsernameRegexp.MatchString(record[0]) {
-			log.Printf("Ignoring invalid username %q in htpasswd, consists of characters other than letters", record[0])
+			log.Printf("Ignoring invalid username %q in htpasswd, consists of characters other than letters, numbers, '_', '-', '.' and '@'", record[0])
 			continue
 		}
 		users[record[0]] = record[1]