From f912642c20d91c5e5b9baea91981929f5715feae Mon Sep 17 00:00:00 2001
From: Unrud <unrud@outlook.com>
Date: Thu, 17 Aug 2017 06:46:40 +0200
Subject: [PATCH] htpasswd: ignore comments

---
 radicale/auth.py            | 2 +-
 radicale/tests/test_auth.py | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/radicale/auth.py b/radicale/auth.py
index af8b303a..b5241064 100644
--- a/radicale/auth.py
+++ b/radicale/auth.py
@@ -216,7 +216,7 @@ class Auth(BaseAuth):
             with open(self.filename) as f:
                 for line in f:
                     line = line.rstrip("\n")
-                    if line.lstrip():
+                    if line.lstrip() and not line.lstrip().startswith("#"):
                         try:
                             login, hash_value = line.split(":", maxsplit=1)
                             # Always compare both login and password to avoid
diff --git a/radicale/tests/test_auth.py b/radicale/tests/test_auth.py
index 0dd67386..5a9b9ae9 100644
--- a/radicale/tests/test_auth.py
+++ b/radicale/tests/test_auth.py
@@ -121,6 +121,9 @@ class TestBaseAuthRequests(BaseTest):
         self._test_htpasswd("plain", " tmp : bepo ", (
             (" tmp ", " bepo ", 207), ("tmp", "bepo", 401)))
 
+    def test_htpasswd_comment(self):
+        self._test_htpasswd("plain", "#comment\n #comment\n \ntmp:bepo\n\n")
+
     def test_remote_user(self):
         self.configuration["auth"]["type"] = "remote_user"
         self.application = Application(self.configuration, self.logger)