{
  "id": "django__django-11099",
  "question": "UsernameValidator allows trailing newline in usernames\nDescription\n\t\nASCIIUsernameValidator and UnicodeUsernameValidator use the regex \nr'^[\\w.@+-]+$'\nThe intent is to only allow alphanumeric characters as well as ., @, +, and -. However, a little known quirk of Python regexes is that $ will also match a trailing newline. Therefore, the user name validators will accept usernames which end with a newline. You can avoid this behavior by instead using \\A and \\Z to terminate regexes. For example, the validator regex could be changed to\nr'\\A[\\w.@+-]+\\Z'\nin order to reject usernames that end with a newline.\nI am not sure how to officially post a patch, but the required change is trivial - using the regex above in the two validators in contrib.auth.validators.\n",
  "answer": "{\"task_id\": \"a47e13f0-2a26-41bb-a6a1-fea7ab8b866a\", \"workflow_run_id\": \"e044e5c9-6e67-4263-b689-2583f086f4ad\", \"data\": {\"id\": \"e044e5c9-6e67-4263-b689-2583f086f4ad\", \"workflow_id\": \"9a0a6efa-4d15-4876-b13f-4fb6a999caa2\", \"status\": \"succeeded\", \"outputs\": {\"final_patch\": [\"--- a/django/contrib/auth/validators.py\\n+++ b/django/contrib/auth/validators.py\\n@@ -16,7 +16,7 @@ class ASCIIUsernameValidator(validators.RegexValidator):\\n     def __init__(self, **kwargs):\\n         super().__init__(\\n-            regex=r'^[\\\\w.@+-]+$',\\n+            regex=r'\\\\A[\\\\w.@+-]+\\\\Z',\\n             message=_(\\n                 'Enter a valid username. This value may contain only English letters, '\\n                 'numbers, and @/./+/-/_ characters.'\\n@@ -27,7 +27,7 @@ class UnicodeUsernameValidator(validators.RegexValidator):\\n     def __init__(self, **kwargs):\\n         super().__init__(\\n-            regex=r'^[\\\\w.@+-]+$',\\n+            regex=r'\\\\A[\\\\w.@+-]+\\\\Z',\\n             message=_(\\n                 'Enter a valid username. This value may contain only letters, '\\n                 'numbers, and @/./+/-/_ characters.'\\n\", \"--- a/django/contrib/auth/validators.py\\n+++ b/django/contrib/auth/validators.py\\n@@ -16,7 +16,7 @@ class ASCIIUsernameValidator(validators.RegexValidator):\\n     def __init__(self, **kwargs):\\n         super().__init__(\\n-            regex=r'^[\\\\w.@+-]+$',\\n+            regex=r'^[\\\\w.@+-]+\\\\Z',\\n             message=_(\\n                 'Enter a valid username. This value may contain only English letters, '\\n                 'numbers, and @/./+/-/_ characters.'\\n@@ -27,7 +27,7 @@ class UnicodeUsernameValidator(validators.RegexValidator):\\n     def __init__(self, **kwargs):\\n         super().__init__(\\n-            regex=r'^[\\\\w.@+-]+$',\\n+            regex=r'^[\\\\w.@+-]+\\\\Z',\\n             message=_(\\n                 'Enter a valid username. This value may contain only letters, '\\n                 'numbers, and @/./+/-/_ characters.'\\n\", \"--- a/django/contrib/auth/validators.py\\n+++ b/django/contrib/auth/validators.py\\n@@ -16,7 +16,7 @@ class ASCIIUsernameValidator(validators.RegexValidator):\\n     def __init__(self, **kwargs):\\n         super().__init__(\\n-            regex=r'^[\\\\w.@+-]+$',\\n+            regex=r'(?-m)^[\\\\w.@+-]+$',\\n             message=_(\\n                 'Enter a valid username. This value may contain only English letters, '\\n                 'numbers, and @/./+/-/_ characters.'\\n@@ -27,7 +27,7 @@ class UnicodeUsernameValidator(validators.RegexValidator):\\n     def __init__(self, **kwargs):\\n         super().__init__(\\n-            regex=r'^[\\\\w.@+-]+$',\\n+            regex=r'(?-m)^[\\\\w.@+-]+$',\\n             message=_(\\n                 'Enter a valid username. This value may contain only letters, '\\n                 'numbers, and @/./+/-/_ characters.'\\n\", \"--- a/django/contrib/auth/validators.py\\n+++ b/django/contrib/auth/validators.py\\n@@ -16,7 +16,7 @@ class ASCIIUsernameValidator(validators.RegexValidator):\\n     def __init__(self, **kwargs):\\n         super().__init__(\\n-            regex=r'^[\\\\w.@+-]+$',\\n+            regex=r'^[^\\\\r\\\\n]*[\\\\w.@+-]+[^\\\\r\\\\n]*$',\\n             message=_(\\n                 'Enter a valid username. This value may contain only English letters, '\\n                 'numbers, and @/./+/-/_ characters.'\\n@@ -27,7 +27,7 @@ class UnicodeUsernameValidator(validators.RegexValidator):\\n     def __init__(self, **kwargs):\\n         super().__init__(\\n-            regex=r'^[\\\\w.@+-]+$',\\n+            regex=r'^[^\\\\r\\\\n]*[\\\\w.@+-]+[^\\\\r\\\\n]*$',\\n             message=_(\\n                 'Enter a valid username. This value may contain only letters, '\\n                 'numbers, and @/./+/-/_ characters.'\\n\", \"--- a/django/contrib/auth/validators.py\\n+++ b/django/contrib/auth/validators.py\\n@@ -16,7 +16,7 @@ class ASCIIUsernameValidator(validators.RegexValidator):\\n     def __init__(self, **kwargs):\\n         super().__init__(\\n-            regex=r'^[\\\\w.@+-]+$',\\n+            regex=r'^[\\\\w.@+-]+(?<!\\\\n)$',\\n             message=_(\\n                 'Enter a valid username. This value may contain only English letters, '\\n                 'numbers, and @/./+/-/_ characters.'\\n@@ -27,7 +27,7 @@ class UnicodeUsernameValidator(validators.RegexValidator):\\n     def __init__(self, **kwargs):\\n         super().__init__(\\n-            regex=r'^[\\\\w.@+-]+$',\\n+            regex=r'^[\\\\w.@+-]+(?<!\\\\n)$',\\n             message=_(\\n                 'Enter a valid username. This value may contain only letters, '\\n                 'numbers, and @/./+/-/_ characters.'\\n\", \"diff\\n--- a/django/contrib/auth/validators.py\\n+++ b/django/contrib/auth/validators.py\\n@@ -16,7 +16,7 @@ class ASCIIUsernameValidator(validators.RegexValidator):\\n     def __init__(self, **kwargs):\\n         super().__init__(\\n-            regex=r'^[\\\\w.@+-]+$',\\n+            regex=r'\\\\A[\\\\w.@+-]+\\\\Z',\\n             message=_(\\n                 'Enter a valid username. This value may contain only English letters, '\\n                 'numbers, and @/./+/-/_ characters.'\\n@@ -27,7 +27,7 @@ class UnicodeUsernameValidator(validators.RegexValidator):\\n     def __init__(self, **kwargs):\\n         super().__init__(\\n-            regex=r'^[\\\\w.@+-]+$',\\n+            regex=r'\\\\A[\\\\w.@+-]+\\\\Z',\\n             message=_(\\n                 'Enter a valid username. This value may contain only letters, '\\n                 'numbers, and @/./+/-/_ characters.'\\n\", \"diff\\n--- a/django/contrib/auth/validators.py\\n+++ b/django/contrib/auth/validators.py\\n@@ -16,7 +16,7 @@ class ASCIIUsernameValidator(validators.RegexValidator):\\n     def __init__(self, **kwargs):\\n         super().__init__(\\n-            regex=r'^[\\\\w.@+-]+$',\\n+            regex=r'\\\\A[\\\\w.@+-]+\\\\Z',\\n             message=_(\\n                 'Enter a valid username. This value may contain only English letters, '\\n                 'numbers, and @/./+/-/_ characters.'\\n@@ -27,7 +27,7 @@ class UnicodeUsernameValidator(validators.RegexValidator):\\n     def __init__(self, **kwargs):\\n         super().__init__(\\n-            regex=r'^[\\\\w.@+-]+$',\\n+            regex=r'\\\\A[\\\\w.@+-]+\\\\Z',\\n             message=_(\\n                 'Enter a valid username. This value may contain only letters, '\\n                 'numbers, and @/./+/-/_ characters.'\\n\", \"diff\\n--- a/django/contrib/auth/validators.py\\n+++ b/django/contrib/auth/validators.py\\n@@ -16,7 +16,7 @@ class ASCIIUsernameValidator(validators.RegexValidator):\\n     def __init__(self, **kwargs):\\n         super().__init__(\\n-            regex=r'^[\\\\w.@+-]+$',\\n+            regex=r'\\\\A[\\\\w.@+-]+\\\\Z',\\n             message=_(\\n                 'Enter a valid username. This value may contain only English letters, '\\n                 'numbers, and @/./+/-/_ characters.'\\n@@ -27,7 +27,7 @@ class UnicodeUsernameValidator(validators.RegexValidator):\\n     def __init__(self, **kwargs):\\n         super().__init__(\\n-            regex=r'^[\\\\w.@+-]+$',\\n+            regex=r'\\\\A[\\\\w.@+-]+\\\\Z',\\n             message=_(\\n                 'Enter a valid username. This value may contain only letters, '\\n                 'numbers, and @/./+/-/_ characters.'\\n\"]}, \"error\": \"\", \"elapsed_time\": 116.277818, \"total_tokens\": 39016, \"total_steps\": 30, \"created_at\": 1754647442, \"finished_at\": 1754647559}}"
}