New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Passwords containing special chars do not work correctly #20021
Comments
Is it the same as #19857 (User Deletion throws error "Password is too weak")? |
I can't recreate this one as well. Any @samjf error shows in the log? |
@peterhashair I looked at the time and didn't see anything at all sorry 😢 I tried to squeeze any more detail, but unfortunately that is all I got. |
@samjf Would be interesting to know if the password confirmation error really only happens when removing a former super user. I would guess that this also happens when removing any other user and maybe even also when saving system or plugin setting. |
I can confirm all type of users are concerned, not only super users. |
Are you using any special chars in the password or maybe an additional login plugin like LDAP or SAML? |
@sgiehl thanks for your reply, password is obviously strong :) (contains multiple special chars), and not using any saml/oauth connector yet. Hope this helps! |
@Olivier-SP would you mind trying to change your password to something without special chars and check if the password prompt for deleting a user then works? That would help us a lot in order to identify the problems origin. |
@sgiehl changed my password to something "simple", and worked like a charm :) Edit: but, after being able to remove users, I moved back my password to something secure (my previous password), Matomo told me it was applied, unfortunately after disconnecting/reconnecting my password is not recognized, but kept my previous password. Edit 2: reset password procedure let me set back a secure password |
I was able to reproduce that locally by using a password that contains a |
Thanks a lot for your time and the coming fix! |
Just a note for the developer who's gonna start working on this one: My assumption for the problem is something like this: We should check the code so we in the end always use the plain parameters for passwords / password confirmations. |
We need to move a fix for this to Matomo 5. I tried changing that for Matomo 4, but it's too much effort for a quick fix and the risk of possible other regressions is too high. In addition we already implemented changes to Matomo 5, that will help fixing this a lot easier. @Olivier-SP If my tests were correct, the char making problems should be |
This issue has been mentioned on Matomo forums. There might be relevant details there: https://forum.matomo.org/t/badd-username-and-password-when-try-to-upload-a-plugin/51170/2 |
I received a report that a super user could not remove a former super user using the user management in settings.
The following is known about the user to be deleted:
The following recreation steps were supplied:
Expected Behavior
The user targeted for deletion should be deleted.
Current Behavior
The error message "The current password you entered is not correct"
Possible Solution
I could not recreate this.
Steps to Reproduce (for Bugs)
The following recreation steps were supplied:
Context
See above.
Your Environment
The text was updated successfully, but these errors were encountered: