Are there limitations to username / password for http basic authentication?

[Ra72xx]

I wanted to set a strong password for http basic authentication and therefore generated one with a generator. However, I repeatedly locked myself out this way, as I was not able to log in with the password. I had to re-flash everything.

The username was "nuki_master" and the password "ESMBiet3tZäh1enP0l3nSturm" (it's no longer relevant).

Is it possible that the 'ä' character messes up the authentication, or is the password to long, or whatever? Everything went fine when using a simpler, shorter password.

Probably there should be a hint in the documentation concerning those restrictions, if they exist.

[mundschenk-at]

There is a length limit. AFAIK it is 30 chars, though there should be a note on the config page.

Edit: I overlooked the password string you provided. That should be short enough, even with UTF8 factored in, so I'll let to have people more familiar with C++ string handling weigh in. It's possible that the Umlaut is the problem, should be easy to verify, just change it to a non umlauted vowel and try again.

[technyon]

Hi. Not sure I'd need to check the code, but at some level it'll use plain old C char arrays. Avoiding such special characters as Umlaute is probably good, maybe we should add some checks.

[iranl]

Unicode is not supported currently, so yes the 'ä' character is the problem. Max length of 30 for both user and password is mentioned:

I've added a check for unicode chars in #488