How to pass specific characters password to ElasticSearch through Sulu/ArticleBundle #1391
Comments
|
I forgot to mention: I tried with a new Sulu project and an ES 7.17 image and had exactly the same problem. |
|
I'm not familiar with Sulu, so I can only try to help. Moreover, we are not supporting anymore 6.x of elasticsearch-php. For instance: or The |
|
I'm trying with a 7.17 image just to be sure.
i got |
|
@Braskalyne sorry for the late reply. DId you solve this or is still an issue? $client = ClientBuilder::create()
->setHosts(['127.0.0.1:9200'])
->setBasicAuthentication('elastic', 'toto?')
->build(); |
|
In the end, I tested several characters 1 by 1 to determine which would pass through the string and which would break the connection, so as to be able to offer the security team enough characters to make the password secure. Here are the ones I tested: Work: .!*&~;_-$() For example, (Tp3&(..!56xV--_&$ is working |
Elasticsearch Version
6.8.0
Installed Plugins
Sulu - SuluArticle/Bundle
Java Version
bundled
OS Version
Ubuntu 20.04
Problem Description
I'm working on a project using Sulu 2.4.15 - php 8.2 - Symfony 5.5 - Sulu/Article-bundle 2.5.1
I usually use ElasticSearch with Sulu, which is recommended as standard. But until now, I've never secured the ElasticSearch connection via login/password.
For this project, our customer is imposing a password made up of special characters, but I can't get in.
For my example, I have an elastic 6.8.0 image:
The password is "toto?"
When I access my ES via Curl by encoding the password ( toto%3F ) I have no problem:
But when I try to run a command that requires connecting to ElasticSearch from Sulu/ArticleBundle, like a sulu:article:reindex , I can't authenticate (1st screen is my .env.local, 2nd screen is the command on the left / the logs of ES on the right)
However, if I set the password in my ES docker to "toto" and remove %3F from my .env url, I don't have any connection problems. The problem comes from the special character "?
Digging through the error messages, I came across this file :
vendor/elasticsearch/elasticsearch/src/Elasticsearch/Connections/Connection.php
And I realized that just before the query, the string was not decoded. If I modify it manually at this point, either by using an urldecode function or by hard-coding it, then I'm able to connect & do my reindex : (lines 235 and 236 both operate) :
But I don't understand why I need to manually "urldecode" my string, and this solution isn't viable since it's in the vendor/ folder.
I feel like I've searched in multiple places, asked on Slack Sulu, but I can't find any answer for what seems to be a very basic concern.
I've already tried it in my .env :
ELASTICSEARCH_HOST=http://elastic:toto%3F@127.0.0.1:9200
ELASTICSEARCH_HOST="http://elastic:toto%3F@127.0.0.1:9200"
ELASTICSEARCH_HOST=http://elastic:toto?@127.0.0.1:9200
ELASTICSEARCH_HOST=http://elastic:toto\%3F@127.0.0.1:9200
ELASTICSEARCH_HOST=http://elastic:toto\?@127.0.0.1:9200
ELASTICSEARCH_HOST=http://elastic:toto%%3F@127.0.0.1:9200
etc...
Thanks a lot !
Steps to Reproduce
Install ES 6.8.0 :
Install a 2.5 Sulu project : https://docs.sulu.io/en/2.5/
Install Sulu/ArticleBundle 2.5 : https://github.com/sulu/SuluArticleBundle
Try a command like
bin/console sulu:article:reindexLogs (if relevant)
The text was updated successfully, but these errors were encountered: