From 1d2575a2115de9ef780949746edce56fb8eda074 Mon Sep 17 00:00:00 2001
From: Matthias Grundmann <matthias.grundmann@kit.edu>
Date: Tue, 12 Jun 2018 10:49:24 +0200
Subject: [PATCH] Allow - in usernames because CSRF lesson requires username
 starting with prefix crsf- #476

---
 .../src/main/java/org/owasp/webgoat/users/UserForm.java         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/users/UserForm.java b/webgoat-container/src/main/java/org/owasp/webgoat/users/UserForm.java
index c9e3b7d70..e2062cbdd 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/users/UserForm.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/users/UserForm.java
@@ -17,7 +17,7 @@ public class UserForm {
 
     @NotNull
     @Size(min=6, max=20)
-    @Pattern(regexp = "[a-zA-Z0-9]*", message = "can only contain letters and digits")
+    @Pattern(regexp = "[a-zA-Z0-9-]*", message = "can only contain letters, digits, and -")
     private String username;
     @NotNull
     @Size(min=6, max=10)