requarks / wiki-v1

Legacy version (1.x) of Wiki.js
https://wiki.js.org
GNU Affero General Public License v3.0

clientSecret doesn't seem to be escaped properly #181

Open bviktor opened 5 years ago

bviktor commented 5 years ago

I just tried to install the latest release on CentOS 7.6. Ran the configuration wizard, where I entered everything except auth ID and secret. It all works now, but I can't use MS auth. After setting the clientId and clientSecret in config.yml manually, Wiki.js starts up, but when I select MS auth, it keeps saying:

The client does not have a secret configured. If you are the client application developer, configure a secret through the application management site at https://apps.dev.microsoft.com/.

There's more. If the secret happens to contain a : at the end, Wiki.js won't even start up. Then the error log has a bunch of entries with this:

{ YAMLException: incomplete explicit mapping pair; a key node is missed at line 25, column 41:
     ... ntSecret: jatlTSIXF915%?=fjoOE33:
                                         ^
    at generateError (/opt/wikijs/node_modules/js-yaml/lib/js-yaml/loader.js:165:10)
    at throwError (/opt/wikijs/node_modules/js-yaml/lib/js-yaml/loader.js:171:9)
    at readBlockMapping (/opt/wikijs/node_modules/js-yaml/lib/js-yaml/loader.js:1000:9)
    at composeNode (/opt/wikijs/node_modules/js-yaml/lib/js-yaml/loader.js:1332:12)
    at readBlockMapping (/opt/wikijs/node_modules/js-yaml/lib/js-yaml/loader.js:1062:11)
    at composeNode (/opt/wikijs/node_modules/js-yaml/lib/js-yaml/loader.js:1332:12)
    at readBlockMapping (/opt/wikijs/node_modules/js-yaml/lib/js-yaml/loader.js:1062:11)
    at composeNode (/opt/wikijs/node_modules/js-yaml/lib/js-yaml/loader.js:1332:12)
    at readDocument (/opt/wikijs/node_modules/js-yaml/lib/js-yaml/loader.js:1492:3)
    at loadDocuments (/opt/wikijs/node_modules/js-yaml/lib/js-yaml/loader.js:1548:5)
  name: 'YAMLException',
  reason: 'incomplete explicit mapping pair; a key node is missed',
  mark:
   Mark {
     name: null,
     buffer:
      'title: Foobar Wiki\nhost: \'https://wiki.foobar.com\'\nport: 8080\npaths:\n  repo: ./repo\n  data: ./data\nuploads:\n  maxImageFileSize: 1\n  maxOtherFileSize: 1\nlang: en\nlangRtl: false\npublic: false\nauth:\n  defaultReadAccess: false\n  local:\n    enabled: true\n  google:\n    enabled: false\n    clientId: GOOGLE_CLIENT_ID\n    clientSecret: GOOGLE_CLIENT_SECRET\n  microsoft:\n    enabled: true\n    clien
     position: 518,
     line: 24,
     column: 40 },
  message:
   'incomplete explicit mapping pair; a key node is missed at line 25, column 41:\n     ... ntSecret: jatlTSIXF915%?=fjoOE33:\n     

Configuration file excerpt:

auth:
  defaultReadAccess: false
  local:
    enabled: true
  google:
    enabled: false
    clientId: GOOGLE_CLIENT_ID
    clientSecret: GOOGLE_CLIENT_SECRET
  microsoft:
    enabled: true
    clientId: 9e0ab340-31e0-41b1-b995-1ee87b841b17
    #clientSecret: uhbzMTB11@brqFNQD627=;@
    #clientSecret: jatlTSIXF915%?=fjoOE33:
    clientSecret: yhllaVNO8|?ilVVRC5823$~
  facebook:
    enabled: false
    clientId: FACEBOOK_APP_ID
    clientSecret: FACEBOOK_APP_SECRET
...

I tried putting clientSecret between " " or ' ', but it didn't help. Am I doing something wrong, or is this a bug?

NGPixel commented 5 years ago

Both clientSecret: 'yhllaVNO8|?ilVVRC5823$~' and clientSecret: "yhllaVNO8|?ilVVRC5823$~" are proper ways to escape strings

bviktor commented 5 years ago

Too bad neither works.
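
An added example, not part of the thread and not Wiki.js or js-yaml code: a dependency-free check of which secrets from the config excerpt above are unsafe as unquoted YAML values, plus a single-quoting helper that writes any secret as a literal string. It covers only how config.yml is parsed (the YAMLException case); all function names are hypothetical.

```javascript
// Added example (hypothetical helper names; not Wiki.js or js-yaml code).
// Characters that may not start an unquoted (plain) YAML scalar.
const INDICATORS = "-?:,[]{}#&*!|>'\"%@`";

// List the reasons a value is unsafe to write unquoted after "key: ".
function plainScalarProblems(value) {
  const problems = [];
  if (value === "") problems.push("empty value is read as null");
  if (value !== value.trim()) problems.push("outer whitespace is stripped");
  if (/[\r\n]/.test(value)) problems.push("contains a line break");
  if (value && INDICATORS.includes(value[0])) {
    // '-', '?' and ':' are tolerated first when a non-space character follows.
    const tolerated = "-?:".includes(value[0]) && /^.\S/.test(value);
    if (!tolerated) problems.push("starts with indicator " + value[0]);
  }
  if (/:(\s|$)/.test(value)) problems.push("':' before a space or line end is a mapping indicator");
  if (/\s#/.test(value)) problems.push("' #' starts a comment");
  if (/^(~|null|true|false|yes|no|on|off)$/i.test(value) ||
      /^[-+]?(0x[0-9a-f]+|\d[\d_]*(\.\d*)?(e[-+]?\d+)?)$/i.test(value)) {
    problems.push("may be resolved as null, boolean or number");
  }
  return problems;
}

// Single-quoted YAML: every character is literal, only ' is escaped (as '').
function yamlSingleQuoted(value) {
  if (/[\r\n]/.test(value)) throw new Error("line breaks need a double-quoted scalar");
  return "'" + value.replace(/'/g, "''") + "'";
}

// Inverse of yamlSingleQuoted, used to check that the secret survives intact.
function parseSingleQuoted(text) {
  if (!/^'([^']|'')*'$/.test(text)) throw new Error("not a single-quoted scalar");
  return text.slice(1, -1).replace(/''/g, "'");
}

// Build the config.yml line, quoting unconditionally.
function clientSecretLine(secret, indent = 4) {
  return " ".repeat(indent) + "clientSecret: " + yamlSingleQuoted(secret);
}

// The three secrets shown in the issue's config excerpt.
const samples = ["uhbzMTB11@brqFNQD627=;@", "jatlTSIXF915%?=fjoOE33:", "yhllaVNO8|?ilVVRC5823$~"];
for (const s of samples) {
  console.log(clientSecretLine(s), "# unquoted problems:", plainScalarProblems(s).length);
}
```

Only the secret ending in : is flagged, which matches the "incomplete explicit mapping pair" error in the log; the other two are valid YAML even without quotes.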