Bug #81936
Closed
Installtool Empty Password Error
100%
Description
Installtool throws an error if no password is provided.
PHP Warning: hash_equals(): Expected known_string to be a string, null given in /Users/ba/WebSites/typo3_src-8.7.3/typo3/sysext/saltedpasswords/Classes/Salt/Pbkdf2Salt.php line 111
It works fine with a correct or a wrong password, but not with an empty one.
Updated by Wouter Wolters over 7 years ago
- Status changed from New to Needs Feedback
For both actions in the Install Tool to set a password (Install Tool password and new admin account) there is a check in place to check for a minimal length of the given password of 8 characters.
Can you debug this in ImportantActions or give us a full stack trace?
Updated by Renzo Bauen over 7 years ago
Here you go:
TYPO3\CMS\Core\Error\Exception thrown in file
/Users/ba/WebSites/typo3_src-8.7.3/typo3/sysext/core/Classes/Error/ErrorHandler.php in line 112.
9 TYPO3\CMS\Core\Error\ErrorHandler::handleError(2, "hash_equals(): Expected known_string to be a string, null given", "/Users/ba/WebSites/typo3_src-8.7.3/typo3/sysext/saltedpasswords/Classes/Salt/Pbkdf2Salt.php", 111, array)
8 hash_equals(NULL, "$pbkdf2-sha256$25000$wtHEvZ3Ya.xHTLZaH48JNA$2NBpl2b6P7d/HC4zieDJBZ2MWhyyMyzl5xsgErjUxJ8")
/Users/ba/WebSites/typo3_src-8.7.3/typo3/sysext/saltedpasswords/Classes/Salt/Pbkdf2Salt.php:
00109: public function checkPassword($plainPW, $saltedHashPW)
00110: {
00111: return $this->isValidSalt($saltedHashPW) && \hash_equals($this->getHashedPassword($plainPW, $saltedHashPW), $saltedHashPW);
00112: }
00113:
7 TYPO3\CMS\Saltedpasswords\Salt\Pbkdf2Salt::checkPassword("", "$pbkdf2-sha256$25000$wtHEvZ3Ya.xHTLZaH48JNA$2NBpl2b6P7d/HC4zieDJBZ2MWhyyMyzl5xsgErjUxJ8")
/Users/ba/WebSites/typo3_src-8.7.3/typo3/sysext/install/Classes/Controller/AbstractController.php:
00218: $saltFactory = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance($installToolPassword);
00219: if (is_object($saltFactory)) {
00220: $validPassword = $saltFactory->checkPassword($password, $installToolPassword);
00221: } elseif (md5($password) === $installToolPassword) {
00222: // Update install tool password
6 TYPO3\CMS\Install\Controller\AbstractController::loginIfRequested()
/Users/ba/WebSites/typo3_src-8.7.3/typo3/sysext/install/Classes/Controller/StepController.php:
00054: $this->checkSessionToken();
00055: $this->checkSessionLifetime();
00056: $this->loginIfRequested();
00057: $this->outputLoginFormIfNotAuthorized();
00058: $this->executeSpecificStep();
5 TYPO3\CMS\Install\Controller\StepController::execute()
/Users/ba/WebSites/typo3_src-8.7.3/typo3/sysext/install/Classes/Http/RequestHandler.php:
00061: $controllerClassName = \TYPO3\CMS\Install\Controller\StepController::class;
00062: }
00063: GeneralUtility::makeInstance($controllerClassName)->execute();
00064: }
00065:
4 TYPO3\CMS\Install\Http\RequestHandler::handleRequest(TYPO3\CMS\Core\Http\ServerRequest)
/Users/ba/WebSites/typo3_src-8.7.3/typo3/sysext/core/Classes/Core/Bootstrap.php:
00308:
00309: // Execute the command which returns a Response object or NULL
00310: $this->response = $requestHandler->handleRequest($request);
00311: return $this;
00312: }
3 TYPO3\CMS\Core\Core\Bootstrap::handleRequest(TYPO3\CMS\Core\Http\ServerRequest)
/Users/ba/WebSites/typo3_src-8.7.3/typo3/sysext/install/Classes/Http/Application.php:
00073: public function run(callable $execute = null)
00074: {
00075: $this->bootstrap->handleRequest(\TYPO3\CMS\Core\Http\ServerRequestFactory::fromGlobals());
00076:
00077: if ($execute !== null) {
2 TYPO3\CMS\Install\Http\Application::run()
/Users/ba/WebSites/typo3_src-8.7.3/typo3/sysext/install/Start/Install.php:
00101: call_user_func(function () {
00102: $classLoader = require __DIR__ . '/../../../../vendor/autoload.php';
00103: (new \TYPO3\CMS\Install\Http\Application($classLoader))->run();
00104: });
1 {closure}()
/Users/ba/WebSites/typo3_src-8.7.3/typo3/sysext/install/Start/Install.php:
00102: $classLoader = require __DIR__ . '/../../../../vendor/autoload.php';
00103: (new \TYPO3\CMS\Install\Http\Application($classLoader))->run();
00104: });
Updated by Renzo Bauen over 7 years ago
I have some different installations. One on a Linux box works fine (same TYPO3 version, same PHP, etc.). The one that is buggy is on a MacBook Pro with MariaDB.
The buggy version was installed as 8.7.2 and then updated to 8.7.3 (core update in installtool).
But as I'm investigating, I found some problems with the Apache installation.
Therefore please hold on. The source of the problem might be somewhere else... maybe in the Apache config.
I will check this and give a reply here.
Updated by Renzo Bauen over 7 years ago
I could repeat the error:
1. Fresh Install of TYPO3 8.7.3 (PHP 7)
2. Go to Installtool, set Configuration Presets -> Debug settings to Debug
3. Log out and log in to the installtool, leaving the password blank
4. bam the error is thrown.
If you set the Configuration Presets -> Debug settings back to Live, the error is gone!
Best Regards
Renzo
Updated by Oliver Hader over 7 years ago
- Status changed from Needs Feedback to Accepted
- Priority changed from Must have to Should have
Confirmed in TYPO3_8-7 and master. Entering empty password results in #1476107295: PHP Warning: hash_equals(): Expected known_string to be a string, null given in master/typo3/sysext/saltedpasswords/Classes/Salt/Pbkdf2Salt.php line 111
using debug configuration preset. The live preset is catching the error throwable.
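The failure confirmed above, as a stand-alone PHP example (added here; it is not TYPO3 code and not the patch from the linked review). `exampleHash()`, `checkUnguarded()` and `checkGuarded()` are hypothetical names, and the salt and passwords are constructed. It shows an empty password producing a null hash that raises inside `hash_equals()` when the error handler throws, next to a check that treats a non-string hash as a failed login.

```php
<?php
// Added illustration; function names are hypothetical, not TYPO3's.

// Like the error handler in the trace: turn PHP warnings into exceptions.
set_error_handler(function (int $severity, string $message, string $file, int $line) {
    throw new \ErrorException($message, 0, $severity, $file, $line);
});

// Stand-in for getHashedPassword(): yields null for an empty password,
// which is the value the trace shows arriving at hash_equals().
function exampleHash(string $plain, string $salt): ?string
{
    if ($plain === '') {
        return null;
    }
    return hash_pbkdf2('sha256', $plain, $salt, 25000);
}

// Pattern from the trace: the possibly-null hash goes straight into hash_equals().
// PHP 7 emits a warning here; PHP 8 throws a TypeError.
function checkUnguarded(string $plain, string $salt, string $stored): bool
{
    return hash_equals(exampleHash($plain, $salt), $stored);
}

// Guarded form: a hash that is not a string is a failed login, and the
// constant-time comparison only ever sees two strings.
function checkGuarded(string $plain, string $salt, string $stored): bool
{
    $candidate = exampleHash($plain, $salt);
    return is_string($candidate) && hash_equals($stored, $candidate);
}

$salt = 'constructed-salt';                     // constructed sample value
$stored = exampleHash('correct horse', $salt);  // constructed sample password

foreach (['correct horse', 'wrong', ''] as $input) {
    try {
        $unguarded = var_export(checkUnguarded($input, $salt, $stored), true);
    } catch (\Throwable $e) {
        // Reached only for the empty password.
        $unguarded = get_class($e);
    }
    $guarded = var_export(checkGuarded($input, $salt, $stored), true);
    printf("%-16s unguarded=%-15s guarded=%s\n", var_export($input, true), $unguarded, $guarded);
}
```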
Updated by Gerrit Code Review over 7 years ago
- Status changed from Accepted to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/53613
Updated by Gerrit Code Review over 7 years ago
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/53613
Updated by Gerrit Code Review over 7 years ago
Patch set 1 for branch TYPO3_8-7 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/53628
Updated by Markus Hölzle over 7 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset c084e085d682ef2a2fe45dd0549533072d1c366b.
Updated by Frans Saris over 7 years ago
- Related to Bug #82147: Security status report gives error when install tool password is empty added