Admin password change with special chars through web interface

:uk:/:us: Admin password change with special chars through web interface

My YunoHost server

YunoHost version: 4.2.5.2 | Moulinette 4.2.3

Description of my issue

Hi,

Following YunoHost 4.2 release / Sortie de YunoHost 4.2 - #89 by jeremy1, here is a bug report: admin passwords changed from the web interface (https://domain.name/yunohost/admin/#/tools/adminpw) are not correctly recorded if they contain one or several special chars. This topic aims to help users facing the same problem.

Is kind of related to [fix] Unicode password doesn't log in by zamentur · Pull Request #276 · YunoHost/moulinette · GitHub.

Steps to reproduce

First make sure to have access to the server (through SSH for example) with an open shell console.

  1. Go to the web admin interface Tools > Change admin password
  2. Change the admin password by using at least one special char (e.g. ù or é)
  3. Try logging in through web admin again, observe that password is not accepted.

Workaround

  1. Go to your shell console
  2. Set the admin password (yunohost tools adminpw) to the same as earlier (containing one or several special chars)
  3. Try logging in through web admin again, observe that password is accepted :slight_smile:

Indeed i reproduce that bug.

So it seems that’s the route “PUT /adminpw” doesn’t manage special chars correctly, cause if you set your special char password with yunohost tools adminpw you are able to log on webadmin…

This bug is critical cause people could loose access on SSH and webadmin by changing password from webadmin…
I am not sure but it could be related to this line :

A temporary fix is here, we need to know if other parts of webadmin are impacted (like app install)

1 Like

The fix works on my side (I run yunohost tools upgrade system to have Moulinette version 4.2.3.1). Thanks

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.