validation: improve error message for invalid chars

2025-12-06 22:30:56 +03:00 · 2021-02-08 21:32:59 +01:00
parent a2a99f9b57
commit db80781716
3 changed files with 5 additions and 5 deletions
--- a/2
+++ b/2
@@ -55,8 +55,6 @@ RUN sed -i "s|\"users_base_dir\": \"\",|\"users_base_dir\": \"/srv/sftpgo/data\"
    sed -i "s|\"backups\"|\"/srv/sftpgo/backups\"|" /etc/sftpgo/sftpgo.json && \
    sed -i "s|\"address\": \"127.0.0.1\",|\"address\": \"\",|" /etc/sftpgo/sftpgo.json

-COPY ./docker/scripts/entrypoint.sh /docker-entrypoint.sh
-
 RUN chown -R sftpgo:sftpgo /etc/sftpgo && chown sftpgo:sftpgo /var/lib/sftpgo /srv/sftpgo

 WORKDIR /var/lib/sftpgo
--- a/dataprovider/admin.go
+++ b/dataprovider/admin.go
@@ -70,7 +70,7 @@ func (a *Admin) validate() error {
 		return &ValidationError{err: "please set a password"}
 	}
 	if !usernameRegex.MatchString(a.Username) {
-		return &ValidationError{err: fmt.Sprintf("username %#v is not valid", a.Username)}
+		return &ValidationError{err: fmt.Sprintf("username %#v is not valid, the following characters are allowed: a-zA-Z0-9-_.~", a.Username)}
 	}
 	if a.Password != "" && !strings.HasPrefix(a.Password, argonPwdPrefix) {
 		pwd, err := argon2id.CreateHash(a.Password, argon2Params)
--- a/dataprovider/dataprovider.go
+++ b/dataprovider/dataprovider.go
@@ -1363,7 +1363,8 @@ func validateBaseParams(user *User) error {
 		return &ValidationError{err: "username is mandatory"}
 	}
 	if !usernameRegex.MatchString(user.Username) {
-		return &ValidationError{err: fmt.Sprintf("username %#v is not valid", user.Username)}
+		return &ValidationError{err: fmt.Sprintf("username %#v is not valid, the following characters are allowed: a-zA-Z0-9-_.~",
+			user.Username)}
 	}
 	if user.HomeDir == "" {
 		return &ValidationError{err: "home_dir is mandatory"}
@@ -1395,7 +1396,8 @@ func ValidateFolder(folder *vfs.BaseVirtualFolder) error {
 		return &ValidationError{err: "folder name is mandatory"}
 	}
 	if !usernameRegex.MatchString(folder.Name) {
-		return &ValidationError{err: fmt.Sprintf("folder name %#v is not valid", folder.Name)}
+		return &ValidationError{err: fmt.Sprintf("folder name %#v is not valid, the following characters are allowed: a-zA-Z0-9-_.~",
+			folder.Name)}
 	}
 	cleanedMPath := filepath.Clean(folder.MappedPath)
 	if !filepath.IsAbs(cleanedMPath) {