Open Braskalyne opened 5 months ago
I forgot to mention: I tried with a new Sulu project and an ES 7.17 image and had exactly the same problem.
I'm not familiar with Sulu, so I can only try to help. Moreover, we no longer support 6.x of elasticsearch-php. That said, did you try using double quotes to set the URL?
For instance:
ELASTICSEARCH_HOST="http://elastic:toto?@127.0.0.1:9200"
or
ELASTIC_PASSWORD="toto?"
The ? character is not allowed in the URL, so this will be encoded at the end with %3F, but the encoding is managed by elasticsearch-php itself.
I'm trying with a 7.17 image just to be sure. If I try
ELASTICSEARCH_HOST="http://elastic:toto?@127.0.0.1:9200"
I get
In ClientBuilder.php line 811:
Could not parse URI: "http://elastic:toto?@127.0.0.1:9200"
@Braskalyne sorry for the late reply. Did you solve this, or is it still an issue?
I'm wondering: is the ELASTIC_PASSWORD that you used in the docker compose an env variable that you created, or something managed by Sulu?
Instead of passing the username:password in the URL, you can also use the setBasicAuthentication() function of the ClientBuilder, as follows:
$client = ClientBuilder::create()
->setHosts(['127.0.0.1:9200'])
->setBasicAuthentication('elastic', 'toto?')
->build();
@ezimuel
In the end, I tested several characters 1 by 1 to determine which would pass through the string and which would break the connection, so as to be able to offer the security team enough characters to make the password secure. Here are the ones I tested:
Work: .!*&~;_-$() Not working: ?@#^[]{}%.
For example, (Tp3&(..!56xV--_&$ is working
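Added example, not part of the thread and not elasticsearch-php code: the characters reported above as working are ones RFC 3986 allows unencoded in the userinfo part of a URL, while the failing ones are delimiters or must be percent-encoded. This PHP sketch flags the characters that need encoding and splits a URL into a credential-free host plus decoded credentials; the function names are hypothetical, and the sample values are the ones quoted in the issue.

```php
<?php
declare(strict_types=1);

// RFC 3986 userinfo characters that may appear unencoded (unreserved + sub-delims).
// ":" is legal too, but it separates user from password, so a password must encode it.
const USERINFO_SAFE = '/^[A-Za-z0-9\-._~!$&\'()*+,;=]$/';

/** Map each character of $password that needs percent-encoding to its encoded form. */
function charsNeedingEncoding(string $password): array
{
    $unsafe = [];
    foreach (str_split($password) as $ch) {
        if (preg_match(USERINFO_SAFE, $ch) !== 1) {
            $unsafe[$ch] = rawurlencode($ch);
        }
    }
    return $unsafe;
}

/** Split a URL into a credential-free host and percent-decoded user/password. */
function splitCredentials(string $url): array
{
    $p = parse_url($url);
    if ($p === false || !isset($p['host'])) {
        // Do not echo the URL here: it contains the password.
        throw new InvalidArgumentException('Unparseable URL; percent-encode the password.');
    }
    $host = ($p['scheme'] ?? 'http') . '://' . $p['host']
          . (isset($p['port']) ? ':' . $p['port'] : '');
    // rawurldecode(), unlike urldecode(), leaves a literal "+" in a password intact.
    return [
        'host' => $host,
        'user' => isset($p['user']) ? rawurldecode($p['user']) : null,
        'pass' => isset($p['pass']) ? rawurldecode($p['pass']) : null,
    ];
}

// Constructed sample values: the password and host quoted in the issue.
$url = 'http://elastic:' . rawurlencode('toto?') . '@127.0.0.1:9200';
$c = splitCredentials($url);
printf("host=%s user=%s password decoded=%s\n", $c['host'], $c['user'],
    $c['pass'] === 'toto?' ? 'yes' : 'no');
print_r(charsNeedingEncoding('?@#^[]{}%'));   // the characters reported as failing
print_r(charsNeedingEncoding('.!*&~;_-$()')); // the characters reported as working
// $c['host'] and the decoded pair can then go to setHosts() and
// setBasicAuthentication(), as in the maintainer's snippet above.
```

Passing the decoded credentials separately keeps the password out of the host string, so it no longer depends on where the client does or does not URL-decode it.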
Elasticsearch Version
6.8.0
Installed Plugins
Sulu - SuluArticle/Bundle
Java Version
bundled
OS Version
Ubuntu 20.04
Problem Description
I'm working on a project using Sulu 2.4.15 - php 8.2 - Symfony 5.5 - Sulu/Article-bundle 2.5.1
I usually use ElasticSearch with Sulu, which is recommended as standard. But until now, I've never secured the ElasticSearch connection via login/password. For this project, our customer is imposing a password made up of special characters, but I can't get in. For my example, I have an elastic 6.8.0 image:
The password is "toto?"
When I access my ES via Curl by encoding the password ( toto%3F ) I have no problem:
![Capture d’écran de 2024-02-01 13-48-46](https://github.com/elastic/elasticsearch/assets/44805901/ece1bbae-bce1-42db-b746-293751c15211)
But when I try to run a command that requires connecting to ElasticSearch from Sulu/ArticleBundle, like a sulu:article:reindex , I can't authenticate (1st screen is my .env.local, 2nd screen is the command on the left / the logs of ES on the right)
However, if I set the password in my ES docker to "toto" and remove %3F from my .env url, I don't have any connection problems. The problem comes from the special character "?".
Digging through the error messages, I came across this file : vendor/elasticsearch/elasticsearch/src/Elasticsearch/Connections/Connection.php
And I realized that just before the query, the string was not decoded. If I modify it manually at this point, either by using an urldecode function or by hard-coding it, then I'm able to connect & do my reindex : (lines 235 and 236 both operate) :
But I don't understand why I need to manually "urldecode" my string, and this solution isn't viable since it's in the vendor/ folder.
I feel like I've searched in multiple places, asked on Slack Sulu, but I can't find any answer for what seems to be a very basic concern.
I've already tried it in my .env :
ELASTICSEARCH_HOST=http://elastic:toto%3F@127.0.0.1:9200
ELASTICSEARCH_HOST="http://elastic:toto%3F@127.0.0.1:9200"
ELASTICSEARCH_HOST=http://elastic:toto?@127.0.0.1:9200
ELASTICSEARCH_HOST=http://elastic:toto\%3F@127.0.0.1:9200
ELASTICSEARCH_HOST=http://elastic:toto\?@127.0.0.1:9200
ELASTICSEARCH_HOST=http://elastic:toto%%3F@127.0.0.1:9200
etc...
Thanks a lot !
Steps to Reproduce
Install ES 6.8.0 :
Install a 2.5 Sulu project : https://docs.sulu.io/en/2.5/
Install Sulu/ArticleBundle 2.5 : https://github.com/sulu/SuluArticleBundle
Try a command like
bin/console sulu:article:reindex
Logs (if relevant)