Describe the bug
When trying out vendure via npx @vendure/create … I was not able to log in when using a complex password. I could fix the problem by using a simpler password, which makes me think that this is a problem with an incorrectly escaped SQL query.
To Reproduce
Steps to reproduce the behavior:
1. Run npx @vendure/create some-folder
2. When asked for the superadmin password, enter 7WMe_kh;h0n/H!"K/AD[2z|x
3. Wait for the setup to finish
4. Try to log in via the admin UI
5. Logging in fails with the notification "The provided credentials are invalid"
Expected behavior
As I'm using a password manager to generate my passwords, I'd expect the system to be able to handle pretty much any password that you throw at it (no restriction in character set and a reasonably high restriction in maximum password length, say 128 chars). I'd also expect the system to warn me if I'm using a password that does not meet its requirements.
Environment (please complete the following information):
@vendure/core version: 1.2.0
Nodejs version: 16.8.0
Database (mysql/postgres etc): SQLite
Finally let me say, thank you for working on vendure and providing it for free!
Thanks for the report. This is interesting and unexpected, since we are using bcrypt to hash the password before putting it in the db. Possibly the error is originating somewhere higher on the stack.
OK, I tested this first of all by creating a new Administrator in an existing project using the password above, and all worked as expected.
So I followed your reproduction instructions with a new project and I found the issue - when generating the vendure-config.ts file during project scaffold, the string entered is not correctly escaped, so the resulting config looks like this:
Notice that the " char has been escaped as &quot;. I think this is done by Handlebars, which is used to interpolate the wizard values into the config file.
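The failure mode described in this comment, as an added example that is not Vendure's or Handlebars' code: HTML escaping applied to a value that ends up in a TypeScript source file changes the stored secret, while encoding it as a JavaScript string literal preserves it. The escape table reproduces Handlebars' default HTML escaping so the block runs without the library; the one-line template, the function names and the single-quoted literal are assumptions made for illustration.

```javascript
// Characters that Handlebars' default {{value}} interpolation HTML-escapes
// (table reproduced here so the example has no dependencies).
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;',
  "'": '&#x27;', '`': '&#x60;', '=': '&#x3D;',
};

function htmlEscape(value) {
  return String(value).replace(/[&<>"'`=]/g, (ch) => HTML_ESCAPES[ch]);
}

// Hypothetical stand-in for the scaffold template: the wizard value is
// HTML-escaped and dropped into a single-quoted literal in the config.
function renderWithHtmlEscaping(password) {
  return `password: '${htmlEscape(password)}',`;
}

// Context-appropriate encoding: the target is JS/TS source, so emit a
// string literal. JSON.stringify output is a valid JS string literal.
function renderAsJsLiteral(password) {
  return `password: ${JSON.stringify(password)},`;
}

// Evaluate the generated config line to see which value the server would
// load at startup. Demonstration only, run on values built in this file.
function valueInGeneratedLine(line) {
  return new Function(`return ({ ${line} }).password;`)();
}

// Password from the reproduction steps in the report.
const SAMPLE = '7WMe_kh;h0n/H!"K/AD[2z|x';

function compare(password) {
  const escaped = valueInGeneratedLine(renderWithHtmlEscaping(password));
  const literal = valueInGeneratedLine(renderAsJsLiteral(password));
  return {
    htmlEscapedMatches: escaped === password, // false: config holds &quot;
    jsLiteralMatches: literal === password,   // true: exact round trip
    storedByHtmlEscaping: escaped,
  };
}

console.log(compare(SAMPLE));
```

Because the credential written to the config is the escaped string, the password the user typed at the wizard never matches at login, which is the "credentials are invalid" symptom in the report.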