refactor: inline disallowed-username regex in UsersStore.Authenticate (#8274)

internal/database/users.go

@@ -5,12 +5,12 @@ import (
 	"database/sql"
 	"fmt"
 	"os"
+	"regexp"
 	"strings"
 	"time"
 	"unicode/utf8"
 
 	"github.com/cockroachdb/errors"
-	"github.com/go-macaron/binding"
 	"gorm.io/gorm"
 	log "unknwon.dev/clog/v2"
 
@@ -51,6 +51,10 @@ func (err ErrLoginSourceMismatch) Error() string {
 	return fmt.Sprintf("login source mismatch: %v", err.args)
 }
 
+// disallowedUsernameChars matches any character not allowed in a username:
+// anything outside ASCII letters, digits, underscore, hyphen, or dot.
+var disallowedUsernameChars = regexp.MustCompile(`[^\d\w-_\.]`)
+
 // Authenticate validates username and password via given login source ID. It
 // returns ErrUserNotExist when the user was not found.
 //
@@ -129,7 +133,7 @@ func (s *UsersStore) Authenticate(ctx context.Context, login, password string, l
 	}
 
 	// Validate username make sure it satisfies requirement.
-	if binding.AlphaDashDotPattern.MatchString(extAccount.Name) {
+	if disallowedUsernameChars.MatchString(extAccount.Name) {
 		return nil, errors.Newf("invalid pattern for attribute 'username' [%s]: must be valid alpha or numeric or dash(-_) or dot characters", extAccount.Name)
 	}