/ Admin password change with special chars through web interface
My YunoHost server
YunoHost version: 4.2.5.2 | Moulinette 4.2.3
Description of my issue
Hi,
Following YunoHost 4.2 release / Sortie de YunoHost 4.2 - #89 by jeremy1 , here is a bug report: admin passwords changed from the web interface (https://domain.name/yunohost/admin/#/tools/adminpw ) are not correctly recorded if they contain one or several special chars. This topic aims to help users facing the same problem.
Is kind of related to [fix] Unicode password doesn't log in by zamentur · Pull Request #276 · YunoHost/moulinette · GitHub .
Steps to reproduce
First make sure to have access to the server (through SSH for example) with an open shell console.
Go to the web admin interface Tools > Change admin password
Change the admin password by using at least one special char (e.g. ù
or é
)
Try logging in through web admin again, observe that password is not accepted.
Workaround
Go to your shell console
Set the admin password (yunohost tools adminpw
) to the same as earlier (containing one or several special chars)
Try logging in through web admin again, observe that password is accepted
ljf
May 25, 2021, 11:19am
2
Indeed i reproduce that bug.
So it seems that’s the route “PUT /adminpw” doesn’t manage special chars correctly, cause if you set your special char password with yunohost tools adminpw
you are able to log on webadmin…
This bug is critical cause people could loose access on SSH and webadmin by changing password from webadmin…
I am not sure but it could be related to this line :
if isinstance(value, list) and len(value) == 1:
return value[0]
return value
def wrapper(*args, **kwargs):
params = kwargs
# Format boolean params
for a in args:
params[a] = True
# Append other request params
for k, v in request.params.dict.items():
v = _format(v)
if k not in params.keys():
params[k] = v
else:
curr_v = params[k]
# Append param value to the list
if not isinstance(curr_v, list):
curr_v = [curr_v]
if isinstance(v, list):
for i in v:
ljf
May 25, 2021, 11:37am
3
A temporary fix is here, we need to know if other parts of webadmin are impacted (like app install)
YunoHost:dev
← YunoHost:fix-request-params-not-decoded
opened 11:36AM - 25 May 21 UTC
Special chars nightmare...
https://forum.yunohost.org/t/admin-password-change-w… ith-special-chars-through-web-interface/15975
We need to test app install with special char in answer to the install form...
1 Like
The fix works on my side (I run yunohost tools upgrade system
to have Moulinette version 4.2.3.1). Thanks
system
Closed
June 25, 2021, 3:43pm
5
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.