restic / rest-server

Rest Server is a high performance HTTP server that implements restic's REST backend API.
BSD 2-Clause "Simplified" License
978 stars 143 forks source link

Fix for Security #131 broke usernames containing '_' #182

Closed PhracturedBlue closed 2 years ago

PhracturedBlue commented 2 years ago

Output of rest-server --version 4860e044dfed

How did you run rest-server exactly?

docker run -v /storage:/data restic/rest-server

What backend/server/service did you use to store the repository?

local storage

Expected behavior

restic stopped allowing login due to my .htpasswd file haveing a username like foo_bar. This was working previoulsy and so seems to be an unintended(?) regression due to Security #131

Steps to reproduce the behavior

Care a username containing an underscore

Do you have any idea what may have caused this?

Fix for Security #131

Do you have an idea how to solve the issue?

Fix the code or remove the '_' from usernames

Did rest-server help you today? Did it make you happy in any way?

I've been a happy restic user for several years, and still continue to be one :) I am not blocked by this issue, but thought it might surprise other users.