How to pass specific characters password to ElasticSearch through Sulu/ArticleBundle

Agdi · February 5, 2024, 2:44pm

Elasticsearch Version

6.8.0

Installed Plugins

Sulu - SuluArticle/Bundle

Java Version

bundled

OS Version

Ubuntu 20.04

Problem Description

I'm working on a project using Sulu 2.4.15 - php 8.2 - Symfony 5.5 - Sulu/Article-bundle 2.5.1

I usually use Elasticsearch with Sulu, which is recommended as standard. But until now, I've never secured the Elasticsearch connection via login/password.
For this project, our customer is imposing a password made up of special characters, but I can't get in.
For my example, I have an elastic 6.8.0 image:
Capture d’écran de 2024-02-01 13-46-28
The password is "toto?"
When I access my ES via Curl by encoding the password ( toto%3F ) I have no problem:

But when I try to run a command that requires connecting to Elasticsearch from Sulu/ArticleBundle, like a sulu:article:reindex , I can't authenticate (1st screen is my .env.local, 2nd screen is the command on the left / the logs of ES on the right)

Capture d’écran de 2024-02-01 13-53-00

However, if I set the password in my ES docker to "toto" and remove %3F from my .env url, I don't have any connection problems. The problem comes from the special character "?

Digging through the error messages, I came across this file :
vendor/elasticsearch/elasticsearch/src/Elasticsearch/Connections/Connection.php

And I realized that just before the query, the string was not decoded. If I modify it manually at this point, either by using an urldecode function or by hard-coding it, then I'm able to connect & do my reindex : (lines 235 and 236 both operate) :

But I don't understand why I need to manually "urldecode" my string, and this solution isn't viable since it's in the vendor/ folder.

I feel like I've searched in multiple places, asked on Slack Sulu, but I can't find any answer for what seems to be a very basic concern.

I've already tried it in my .env :

ELASTICSEARCH_HOST=http://elastic:toto%3F@127.0.0.1:9200
ELASTICSEARCH_HOST="http://elastic:toto%3F@127.0.0.1:9200"
ELASTICSEARCH_HOST=http://elastic:toto?@127.0.0.1:9200
ELASTICSEARCH_HOST=http://elastic:toto\%3F@127.0.0.1:9200
ELASTICSEARCH_HOST=http://elastic:toto\?@127.0.0.1:9200
ELASTICSEARCH_HOST=http://elastic:toto%%3F@127.0.0.1:9200
etc...

Thanks a lot !

Steps to Reproduce

Install ES 6.8.0 :

cat docker-compose.yml 
version: '3,7'

services:
  elasticsearch:
   image: elasticsearch:6.8.0
   ports:
     - 9200:9200
   environment:
     - discovery.type=single-node
     - ELASTIC_PASSWORD=toto?
     - xpack.security.enabled=true

Install a 2.5 Sulu project : Welcome to the Sulu Documentation! — Sulu 2.5 documentation
Install Sulu/ArticleBundle 2.5 : GitHub - sulu/SuluArticleBundle: Bundle for managing localized content-rich entities like blog-posts in the Sulu content management system

Try a command like

bin/console sulu:article:reindex

Logs (if relevant)

dadoonet · February 5, 2024, 5:52pm

Welcome!

This version is a way too old and you should not use it anymore.
Please use at least 7.17 or better 8.12!

Agdi · February 5, 2024, 8:29pm

Hi David ! I forgot to mention that i also tried with a new sulu project and a 7.17 ES image on my docker-compose, but the problem is the same.

dadoonet · February 5, 2024, 9:20pm

May be wrap the password with double quotes?

If you try with 7.17, please share the fiull details and please don't post images of text as it's hard to read and is not searchable.

Thanks

Agdi · February 6, 2024, 9:02am

I already tried with double quotes.

Here is the docker-compose for the 7.17 image :

cat docker-compose.yml 
version: '3,7'

services:
  elasticsearch:
   image: docker.elastic.co/elasticsearch/elasticsearch:7.17.17
   ports:
     - 9200:9200
   environment:
     - discovery.type=single-node
     - ELASTIC_PASSWORD=toto?
     - xpack.security.enabled=true

And i get the same result in a brand new Sulu Project : When i try to, for example, create an index, i got this error :

{"error":{"root_cause":[{"type":"security_exception","reason":"unable to authenticate user [elastic] for REST request [/su_articles?include_type_name=true]","header":{"WWW-Authenticate":"Basic realm=\"security\" ch  
  arset=\"UTF-8\""}}],"type":"security_exception","reason":"unable to authenticate user [elastic] for REST request [/su_articles?include_type_name=true]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset  
  =\"UTF-8\""}},"status":401}

And on the Log of the docker :

elasticsearch-elasticsearch-1  | {"type": "server", "timestamp": "2024-02-06T08:56:30,405Z", "level": "INFO", "component": "o.e.x.s.a.RealmsAuthenticator", "cluster.name": "docker-cluster", "node.name": "131fb8b51258", "message": "Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "cluster.uuid": "Ht_U5OURSvSD0NyCIRNXDw", "node.id": "xE6rXeH3SPW5YB6yvB-hmQ"  }

But once again, if i modify the file vendor/elasticsearch/elasticsearch/src/Elasticsearch>Connections>Connection.php ligne 262 and i add either this one :

$request['client']['curl'][10005] = "elastic:toto?";

or this one

$request['client']['curl'][10005] = urldecode($request['client']['curl'][10005]);

Then it works !

But well, i cannot modify and push a vendor folder, so i don't really know what to do

dadoonet · February 6, 2024, 9:21am

Everything works on Elasticsearch side. I tried your compose file and then I ran:

david@mbp-de-david discuss-xxx % curl -u elastic http://localhost:9200
Enter host password for user 'elastic':

I typed toto?

{
  "name" : "c7bc3d5d73e4",
  "cluster_name" : "docker-cluster",
  "cluster_uuid" : "15urBLx-RtOD-WgeCz9SOw",
  "version" : {
    "number" : "7.17.17",
    "build_flavor" : "default",
    "build_type" : "docker",
    "build_hash" : "aba4da413a368e296dfc64fb20897334d0340aa1",
    "build_date" : "2024-01-18T10:05:03.821431920Z",
    "build_snapshot" : false,
    "lucene_version" : "8.11.1",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}

curl -u "elastic:toto?" http://localhost:9200

Also worked well.

So this is not something you can solve on Elasticsearch side as it behaves correctly but check your code or the library you are using.

Agdi · February 6, 2024, 9:24am

Yes that's my problem, with Curl it works fine but using the ArticleBundle it doesn't. But I don't know who to ask since on the Sulu slack I can't get an answer
Thanks anyway

system · March 5, 2024, 9:25am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Unable to connect to elasticsearch using elasticsearch-py when password contains special characters Elasticsearch	2	4241	July 5, 2017
ES + ES Enterprise Search via Docker Compose ignores password Elasticsearch elastic-stack-security , docker	0	160	April 28, 2024
Escape character while connecting with Elastic Search Elasticsearch	3	181	November 22, 2022
In docker elasticsearch 5.2.1 x-pack can not login Elasticsearch	2	1103	February 21, 2017
Installed Elasticsearch docker does not have a password Elasticsearch docker	7	1580	October 12, 2021