oqtane / oqtane.framework

CMS & Application Framework for Blazor & .NET MAUI
http://www.oqtane.org
MIT License

[BUG] Unable To Install Default Installations Using "+" In The Password #4753

Open thabaum opened 1 week ago

thabaum commented 1 week ago

Oqtane Info

Version - 5.2.4
Render Mode - Static
Interactivity - Server
Database - SQL Server

Describe the bug

Unable To Install Default Installations Using "+" In The Password

Expected Behavior

An auto-generated password is accepted in default installations.

Steps To Reproduce

Install a fresh instance of Oqtane and use '+' in the password. Notice that the auto-generated password potentially does not meet password complexity, although it does meet the criteria outlined.

Anything else?

May need to work on this to figure out exactly why it didn't work once for me. It was saying the password would not work. But when testing in User Management it seems to work OK; it needs more testing to know for sure, as I did not retain the auto-generated password.

Nothing mission critical but worth investigating a bit more to find out what special character combo is not being allowed to be used.

Some character is not being allowed that may need to be allowed in the regex.

sbwalker commented 6 days ago

The only way to reproduce this issue so that it can be investigated would be if you are able to provide the specific password value which is causing the validation issue.

zyhfish commented 5 days ago

In PR #4756 I return the exact errors returned from the identity provider so that we can know which part failed.

thabaum commented 5 days ago

I will get a list of them to test here shortly. I had only time to create what I did for a PR issue. Thanks @zyhfish, I will update this issue in a few.

thabaum commented 5 days ago

Any validation updates should be included in the user management forms as well as the installer forms. I will find out what characters stopped the use of a password, as maybe it wasn't allowed but I didn't know which character and did not log the password used at the time.

I will turn on the user registration area too as this form should also be reviewed. This should be checked for #4752 as well.

These areas should be updated as needed with messages about which characters are not allowed, or allow them in the validation form if they are OK to use in Identity.

thabaum commented 5 days ago

,g]Pu=Nx%Zt.+48/*-+<>,./:";'{}|[]\!@#$%^&*()_+~

This password works in Registration form but not on the installer form for example


I will try to narrow down the characters, but the logic from registration form should be reviewed as well and the password reset/user profile form should match.

thabaum commented 5 days ago

Seems like I took out the + sign and that was the issue when I made it half the length.

thabaum commented 5 days ago

Yes, I can confirm the + sign does not allow a user to install when it is in the password.

thabaum commented 5 days ago

Also note I do not believe this is an issue in the user registration area or for updating your password in profile or creating user passwords, only in the installation form.

Validation logic in the installation form should allow the + character I believe as I don't think it will harm anything and it is allowed in other areas of setting an Oqtane user password.

sbwalker commented 5 days ago

In all cases the system is using .NET Identity to store passwords - so the validation behavior should be consistent. For example if a "+" sign is not allowed when specifying the host username during installation, it should also not be allowed when registering a new user through User Management - all passwords are validated using the same criteria - which is part of .NET Identity.

sbwalker commented 5 days ago

It is possible that this is an encoding issue, i.e. the user input is being encoded when passed to the server, but not decoded on the server. This will require some more investigation.
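An added C# illustration of the encoding mismatch described in the comment above; this is not Oqtane's own code and does not claim to be the installer's actual code path. In application/x-www-form-urlencoded data a literal "+" means a space, so a value that is form-decoded on the server without having been form-encoded by the client arrives altered before Identity ever validates or hashes it. The class and method names are hypothetical.

```csharp
// Added example, not Oqtane code: shows how a "+" in a password can be
// rewritten in transit when the encode/decode steps do not match.
using System;
using System.Net;

public static class PasswordTransport
{
    // Mismatched pair: client sends the raw value, server form-decodes it.
    // WebUtility.UrlDecode treats "+" as a space, so the password Identity
    // sees is not the one the administrator typed, and complexity validation
    // (or the stored hash) is computed on the wrong string.
    public static string RawThenFormDecode(string typed) =>
        WebUtility.UrlDecode(typed);

    // Matching pair: percent-encode reserved characters on the client
    // ("+" becomes "%2B") and percent-decode on the server; the value
    // survives intact.
    public static string EscapeThenUnescape(string typed) =>
        Uri.UnescapeDataString(Uri.EscapeDataString(typed));

    // Regression check an installer test could run: a password containing
    // "+" must round-trip unchanged, otherwise the host account would be
    // created with a different secret than the one the administrator set.
    public static bool RoundTripsIntact(string typed) =>
        EscapeThenUnescape(typed) == typed;

    public static void Main()
    {
        // Constructed sample value; not the password from the bug report.
        const string typed = "Qw3+rt!y#7";

        Console.WriteLine($"typed:                {typed}");
        Console.WriteLine($"raw then form-decode: {RawThenFormDecode(typed)}");
        Console.WriteLine($"escape then unescape: {EscapeThenUnescape(typed)}");
        Console.WriteLine($"round-trips intact:   {RoundTripsIntact(typed)}");
    }
}
```

Running it prints the form-decoded line with a space where the "+" was, while the percent-encoded round trip returns the typed value unchanged.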

zyhfish commented 5 days ago

This has also been fixed by PR #4756.

thabaum commented 2 days ago

@sbwalker This issue has been tested and fixed and I believe can be closed.