After updating password no credentials needed to login
-
I'm not sure what's happening here, but it seems after editing the password in /app/data/env.sh now anyone can just click login over on https://listmonk.uniteddiversity.coop and it doesn't even ask for any credentials at all!?!?!
-
@jdaviescoates
wtf? -
@BrutalBirdie yeah, I know.
Just been playing around again.
If I change the pw to this:
sBd@ni7fjTo2J3KGRKprGm@YXPxXh7FkJzhatxGgvKJ69gAKA^gu4zfBMYjj*Gfk62nzW@M!W8VwB*epYDtPp%QApFVELKmtwkY63LJYVv@DAsMHwxucNHYFjRxT&
Somehow that turns off needing to login at all!
Changing it to something like this
howveryodd
works fine. Then, changing it back to
sBd@ni7fjTo2J3KGRKprGm@YXPxXh7FkJzhatxGgvKJ69gAKA^gu4zfBMYjj*Gfk62nzW@M!W8VwB*epYDtPp%QApFVELKmtwkY63LJYVv@DAsMHwxucNHYFjRxT&
turns auth off again. WTF?!?
-
This is good info.
Just in case pinging @girish. But I am also taking a look at this.
-
@BrutalBirdie
Did you use single quotes ' or double quotes " or no quotes at all for the password?
-
I thought perhaps it was a length thing but
howveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryodd
works too, so doesn't look like it. And just to double check that, in case that wasn't as long as the previous one this works fine too:
howveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryodd
So does
sBd@ni7fjTo2J3KGRK
Hmz
-
@BrutalBirdie said in After updating password no credentials needed to login:
Did you use single quotes ' or double quotes " or no quotes at all for the password?
You mean in the
/app/data/env.sh
file?I just edited what was there, i.e. no quotes at all:
#!/bin/bash # https://listmonk.app/docs/configuration/#environment-variables export LISTMONK_app__admin_username=admin export LISTMONK_app__admin_password=howveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryoddhowveryodd export TZ=Etc/UTC # Do not change the values below export LISTMONK_app__address="0.0.0.0:9000" export LISTMONK_db__host="${CLOUDRON_POSTGRESQL_HOST}" export LISTMONK_db__port="${CLOUDRON_POSTGRESQL_PORT}" export LISTMONK_db__user="${CLOUDRON_POSTGRESQL_USERNAME}" export LISTMONK_db__password="${CLOUDRON_POSTGRESQL_PASSWORD}" export LISTMONK_db__database="${CLOUDRON_POSTGRESQL_DATABASE}" export LISTMONK_db__ssl_mode="disable"
-
@jdaviescoates
I think the problem might not be the length. Try to use single quotes with the variable:
export LISTMONK_app__admin_password='sBd@ni7fjTo2J3KGRKprGm@YXPxXh7FkJzhatxGgvKJ69gAKA^gu4zfBMYjj*Gfk62nzW@M!W8VwB*epYDtPp%QApFVELKmtwkY63LJYVv@DAsMHwxucNHYFjRxT&'
There is a special char which breaks the bash with no quotes.
This should do the trick.
If you try the command in a bash shell without the single quotes you get this:
export LISTMONK_app__admin_password=sBd@ni7fjTo2J3KGRKprGm@YXPxXh7FkJzhatxGgvKJ69gAKA^gu4zfBMYjj*Gfk62nzW@M!W8VwB*epYDtPp%QApFVELKmtwkY63LJYVv@DAsMHwxucNHYFjRxT&
bash: !W8VwB: event not found
Which breaks the export statement and leaves the variable empty / not defined.
Which would explain why no password is needed, if none is set because of the bash error. -
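Added example (not part of any post in this thread): a script that sources three constructed one-line env files shaped like the `export` line discussed above and reports what the sourcing shell ends up holding. An unquoted `&` ends the command and runs the `export` in a background subshell, so the shell that sources the file never receives the variable. The password `Ex@mple%pw&` and the helper names `value_after_sourcing` and `require_admin_password` are made up for illustration.

```shell
#!/bin/sh
# Added example: constructed password, variable name taken from the thread.

# Source a one-line env file in a clean subshell and print the value the
# sourcing shell ends up with (prints nothing if the variable is unset).
value_after_sourcing() {
    envfile=$(mktemp)
    printf '%s\n' "$1" > "$envfile"
    (
        unset LISTMONK_app__admin_password
        # Errors inside the env file (e.g. "command not found") are ignored
        # here so that only the resulting variable value is reported.
        { . "$envfile"; } >/dev/null 2>&1 || true
        wait    # let any backgrounded export finish; it cannot reach this shell
        printf '%s' "${LISTMONK_app__admin_password-}"
    )
    rm -f "$envfile"
}

# Fail closed: a start script can call this before launching the app so an
# empty admin password stops startup instead of silently disabling login.
require_admin_password() {
    if [ -z "$1" ]; then
        echo "admin password is empty, refusing to start" >&2
        return 1
    fi
}

# Constructed env lines: unquoted trailing &, single-quoted, unquoted & mid-value.
for line in \
    "export LISTMONK_app__admin_password=Ex@mple%pw&" \
    "export LISTMONK_app__admin_password='Ex@mple%pw&'" \
    "export LISTMONK_app__admin_password=Ex@mple&pw%"
do
    got=$(value_after_sourcing "$line")
    printf '%-52s -> [%s]\n' "$line" "$got"
    require_admin_password "$got" || true
done
```

Only the single-quoted line leaves a non-empty value; in the third line the text after `&` is run as a separate command, which fails.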
@BrutalBirdie yep, it's the
&
Having an
&
at the end of the pw turns off auth. Having an
&
somewhere in the middle seems to stop the app starting at all.
-
@jdaviescoates it should work with single quotes tho even with the
&
char. Good explanation here:
https://stackoverflow.com/questions/6697753/difference-between-single-and-double-quotes-in-bash
-
@BrutalBirdie said in After updating password no credentials needed to login:
@jdaviescoates it should work with single quotes tho even with the & char.
It doesn't. Adding single (or double) quotes makes no difference whatsoever in the testing I just did.
Hmz, scrap that. I think that was because I was simultaneously experimenting with quotes around admin too.
Wait, now I'm really confused.
Using this as a password works:
'apwwith&'
(hence why I crossed that bit out above)
But this still turns auth off completely:
'sBd@ni7fjTo2J3KGRKprGm@YXPxXh7FkJzhatxGgvKJ69gAKA^gu4zfBMYjj*Gfk62nzW@M!W8VwB*epYDtPp%QApFVELKmtwkY63LJYVv@DAsMHwxucNHYFjRxT&'
-
@jdaviescoates
Then there is also a bug in the listmonk software itself. You can try the referenced line of code in your shell and it should return the correct string.
export LISTMONK_app__admin_password='sBd@ni7fjTo2J3KGRKprGm@YXPxXh7FkJzhatxGgvKJ69gAKA^gu4zfBMYjj*Gfk62nzW@M!W8VwB*epYDtPp%QApFVELKmtwkY63LJYVv@DAsMHwxucNHYFjRxT&'
echo $LISTMONK_app__admin_password
sBd@ni7fjTo2J3KGRKprGm@YXPxXh7FkJzhatxGgvKJ69gAKA^gu4zfBMYjj*Gfk62nzW@M!W8VwB*epYDtPp%QApFVELKmtwkY63LJYVv@DAsMHwxucNHYFjRxT&
If the Bash does this correctly but the software has an issue, there might be a similar issue there.
-
@jdaviescoates
So just to make it clear.
Single quotes work now, even with the & char?
-
@BrutalBirdie said in After updating password no credentials needed to login:
@jdaviescoates
So just to make it clear.
Single quotes work now, even with the & char?
Sometimes.
Using this as a password works:
'apwwith&'
But this still turns auth off completely:
'sBd@ni7fjTo2J3KGRKprGm@YXPxXh7FkJzhatxGgvKJ69gAKA^gu4zfBMYjj*Gfk62nzW@M!W8VwB*epYDtPp%QApFVELKmtwkY63LJYVv@DAsMHwxucNHYFjRxT&'
-
@girish
Please don't JUST fix the issue, I have a trainee right now, perfect task for him to start learning.
I will not show him this conversation and will use this as a little benchmark for his skillset.
-
@jdaviescoates said in After updating password no credentials needed to login:
Sometimes.
Using this as a password works:
'apwwith&'
But this still turns auth off completely:
'sBd@ni7fjTo2J3KGRKprGm@YXPxXh7FkJzhatxGgvKJ69gAKA^gu4zfBMYjjGfk62nzW@M!W8VwBepYDtPp%QApFVELKmtwkY63LJYVv@DAsMHwxucNHYFjRxT&'
I will have to test this when I am at home.
-
@BrutalBirdie seems it has something to do with the
%
too (or perhaps that is the main culprit?) Anyways, if I remove the
%
from:
sBd@ni7fjTo2J3KGRKprGm@YXPxXh7FkJzhatxGgvKJ69gAKA^gu4zfBMYjj*Gfk62nzW@M!W8VwB*epYDtPp%QApFVELKmtwkY63LJYVv@DAsMHwxucNHYFjRxT&
It works with single quotes (but not without).
But with the
%
included it breaks the auth even with the single quotes. -
But then this pw works fine too:
apwwith%&
So perhaps it's a combination of having % ending with & and length as well? But it can't be that either because this also works fine:
apwwith%&apwwith%&apwwith%&apwwith%&apwwith%&apwwith%&apwwith%&apwwith%&apwwith%&apwwith%&apwwith%&apwwith%&apwwith%&apwwith%&apwwith%&
I've got to collect children from school now so will have to stop testing, hopefully @BrutalBirdie will be able to figure out what's going on!
-
@jdaviescoates said in After updating password no credentials needed to login:
But this still turns auth off completely:
'sBd@ni7fjTo2J3KGRKprGm@YXPxXh7FkJzhatxGgvKJ69gAKA^gu4zfBMYjjGfk62nzW@M!W8VwBepYDtPp%QApFVELKmtwkY63LJYVv@DAsMHwxucNHYFjRxT&'
I can't reproduce this. This is what I have:
export LISTMONK_app__admin_username=admin
export LISTMONK_app__admin_password='sBd@ni7fjTo2J3KGRKprGm@YXPxXh7FkJzhatxGgvKJ69gAKA^gu4zfBMYjj*Gfk62nzW@M!W8VwB*epYDtPp%QApFVELKmtwkY63LJYVv@DAsMHwxucNHYFjRxT&'
-
@girish said in After updating password no credentials needed to login:
export LISTMONK_app__admin_username=admin
export LISTMONK_app__admin_password='sBd@ni7fjTo2J3KGRKprGm@YXPxXh7FkJzhatxGgvKJ69gAKA^gu4zfBMYjjGfk62nzW@M!W8VwBepYDtPp%QApFVELKmtwkY63LJYVv@DAsMHwxucNHYFjRxT&'
Odd. I can reproduce it over and over again.
Just did so again:
-