YetiForceCompany / YetiForceCRM

Our team created for you one of the most innovative CRM systems that supports mainly business processes and allows for customization according to your needs. Be ahead of your competition and implement YetiForce!
https://yetiforce.com
Other
1.73k stars 748 forks source link

Entering a too short password in the installer will fail without noticing. #8103

Closed victor-vanherpt closed 6 years ago

victor-vanherpt commented 6 years ago

Issue

While installing, the installer allows you to create an admin account, if you input a shorter password, or a password that is not valid (no capitals, etc) it won't notice, but will fail upon installing.

Actual Behavior

The installer allows for a short or invalid password, and silently (to the user) fails by throwing a fatal error to the log.

Expected Behavior

The installer should display a validation error, and also the failure should show up in the "please wait" step.

How to trigger the error

  1. Install with short or invalid password for the admin user
  2. Wait forever for the installer to finish ;)

Screenshot of configuration

PHP/Apache/Browser Logs

[Wed Sep 19 16:52:40.500196 2018] [php7:error] [pid 3342] [client 79.152.184.118:35930] PHP Fatal error: Uncaught App\Exceptions\Security: Longitud m\xc3\xadnima de la contrase\xc3\xb1a 8 caracteres in /var/www/html/YetiForceCRM/modules/Vtiger/uitypes/Password.php:23\nStack trace:\n#0 /var/www/html/YetiForceCRM/modules/Users/models/Record.php(242): Vtiger_Password_UIType->validate('7chars7')\n#1 /var/www/html/YetiForceCRM/modules/Users/models/Record.php(197): Users_Record_Model->getValuesForSave()\n#2 /var/www/html/YetiForceCRM/modules/Users/models/Record.php(178): Users_Record_Model->saveToDb()\n#3 /var/www/html/YetiForceCRM/install/models/InitSchema.php(114): Users_Record_Model->save()\n#4 /var/www/html/YetiForceCRM/install/models/InitSchema.php(23): Install_InitSchema_Model->setDefaultUsersAccess()\n#5 /var/www/html/YetiForceCRM/install/views/Index.php(258): Install_InitSchema_Model->initialize()\n#6 /var/www/html/YetiForceCRM/install/views/Index.php(126): Install_Index_View->step7(Object(App\Request))\n#7 /var/www/html/YetiForceCRM/install/Install.php(32): Install_Index_View->process(Object(App\Request))\n#8 {main}\n thrown in /var/www/html/YetiForceCRM/modules/Vtiger/uitypes/Password.php on line 23

Your Environment

victor-vanherpt commented 6 years ago

never mind, bad installation...