How to pass specific characters password to ElasticSearch through Sulu/ArticleBundle

Elastic Stack Elasticsearch
1

Elasticsearch Version

6.8.0

Installed Plugins

Sulu - SuluArticle/Bundle

Java Version

bundled

OS Version

Ubuntu 20.04

Problem Description

I'm working on a project using Sulu 2.4.15 - php 8.2 - Symfony 5.5 - Sulu/Article-bundle 2.5.1

I usually use Elasticsearch with Sulu, which is recommended as standard. But until now, I've never secured the Elasticsearch connection via login/password.
For this project, our customer is imposing a password made up of special characters, but I can't get in.
For my example, I have an elastic 6.8.0 image:
Capture d’écran de 2024-02-01 13-46-28
The password is "toto?"
When I access my ES via Curl by encoding the password ( toto%3F ) I have no problem:

Capture d’écran de 2024-02-01 13-48-46
Capture d’écran de 2024-02-01 13-48-46950×370 54.1 KB

But when I try to run a command that requires connecting to Elasticsearch from Sulu/ArticleBundle, like a sulu:article:reindex , I can't authenticate (1st screen is my .env.local, 2nd screen is the command on the left / the logs of ES on the right)

Capture d’écran de 2024-02-01 13-53-00

Capture d’écran de 2024-02-01 13-53-33
Capture d’écran de 2024-02-01 13-53-331639×226 30.6 KB

However, if I set the password in my ES docker to "toto" and remove %3F from my .env url, I don't have any connection problems. The problem comes from the special character "?

Digging through the error messages, I came across this file :
vendor/elasticsearch/elasticsearch/src/Elasticsearch/Connections/Connection.php

And I realized that just before the query, the string was not decoded. If I modify it manually at this point, either by using an urldecode function or by hard-coding it, then I'm able to connect & do my reindex : (lines 235 and 236 both operate) :

Capture d’écran de 2024-02-01 13-58-01
Capture d’écran de 2024-02-01 13-58-011105×131 15.6 KB

But I don't understand why I need to manually "urldecode" my string, and this solution isn't viable since it's in the vendor/ folder.

I feel like I've searched in multiple places, asked on Slack Sulu, but I can't find any answer for what seems to be a very basic concern.

I've already tried it in my .env :

ELASTICSEARCH_HOST=http://elastic:toto%3F@127.0.0.1:9200
ELASTICSEARCH_HOST="http://elastic:toto%3F@127.0.0.1:9200"
ELASTICSEARCH_HOST=http://elastic:toto?@127.0.0.1:9200
ELASTICSEARCH_HOST=http://elastic:toto\%3F@127.0.0.1:9200
ELASTICSEARCH_HOST=http://elastic:toto\?@127.0.0.1:9200
ELASTICSEARCH_HOST=http://elastic:toto%%3F@127.0.0.1:9200
etc...

Thanks a lot !

Steps to Reproduce

Install ES 6.8.0 :

cat docker-compose.yml 
version: '3,7'

services:
  elasticsearch:
   image: elasticsearch:6.8.0
   ports:
     - 9200:9200
   environment:
     - discovery.type=single-node
     - ELASTIC_PASSWORD=toto?
     - xpack.security.enabled=true

Install a 2.5 Sulu project : Welcome to the Sulu Documentation! — Sulu 2.5 documentation
Install Sulu/ArticleBundle 2.5 : GitHub - sulu/SuluArticleBundle: Bundle for managing localized content-rich entities like blog-posts in the Sulu content management system

Try a command like

bin/console sulu:article:reindex

Logs (if relevant)

Capture d’écran de 2024-02-01 14-03-21
Capture d’écran de 2024-02-01 14-03-211855×69 19.6 KB

2

Welcome!

This version is a way too old and you should not use it anymore.
Please use at least 7.17 or better 8.12!

3

Hi David ! I forgot to mention that i also tried with a new sulu project and a 7.17 ES image on my docker-compose, but the problem is the same.

4

May be wrap the password with double quotes?

If you try with 7.17, please share the fiull details and please don't post images of text as it's hard to read and is not searchable.

Thanks

5

I already tried with double quotes.

Here is the docker-compose for the 7.17 image :

cat docker-compose.yml 
version: '3,7'

services:
  elasticsearch:
   image: docker.elastic.co/elasticsearch/elasticsearch:7.17.17
   ports:
     - 9200:9200
   environment:
     - discovery.type=single-node
     - ELASTIC_PASSWORD=toto?
     - xpack.security.enabled=true

And i get the same result in a brand new Sulu Project : When i try to, for example, create an index, i got this error :

{"error":{"root_cause":[{"type":"security_exception","reason":"unable to authenticate user [elastic] for REST request [/su_articles?include_type_name=true]","header":{"WWW-Authenticate":"Basic realm=\"security\" ch  
  arset=\"UTF-8\""}}],"type":"security_exception","reason":"unable to authenticate user [elastic] for REST request [/su_articles?include_type_name=true]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset  
  =\"UTF-8\""}},"status":401}

And on the Log of the docker :

elasticsearch-elasticsearch-1  | {"type": "server", "timestamp": "2024-02-06T08:56:30,405Z", "level": "INFO", "component": "o.e.x.s.a.RealmsAuthenticator", "cluster.name": "docker-cluster", "node.name": "131fb8b51258", "message": "Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "cluster.uuid": "Ht_U5OURSvSD0NyCIRNXDw", "node.id": "xE6rXeH3SPW5YB6yvB-hmQ"  }

But once again, if i modify the file vendor/elasticsearch/elasticsearch/src/Elasticsearch>Connections>Connection.php ligne 262 and i add either this one :

$request['client']['curl'][10005] = "elastic:toto?";

or this one

$request['client']['curl'][10005] = urldecode($request['client']['curl'][10005]);

Then it works !

But well, i cannot modify and push a vendor folder, so i don't really know what to do :frowning:

6

Everything works on Elasticsearch side. I tried your compose file and then I ran:

david@mbp-de-david discuss-xxx % curl -u elastic http://localhost:9200
Enter host password for user 'elastic':

I typed toto?

{
  "name" : "c7bc3d5d73e4",
  "cluster_name" : "docker-cluster",
  "cluster_uuid" : "15urBLx-RtOD-WgeCz9SOw",
  "version" : {
    "number" : "7.17.17",
    "build_flavor" : "default",
    "build_type" : "docker",
    "build_hash" : "aba4da413a368e296dfc64fb20897334d0340aa1",
    "build_date" : "2024-01-18T10:05:03.821431920Z",
    "build_snapshot" : false,
    "lucene_version" : "8.11.1",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}

curl -u "elastic:toto?" http://localhost:9200

Also worked well.

So this is not something you can solve on Elasticsearch side as it behaves correctly but check your code or the library you are using.

7

Yes that's my problem, with Curl it works fine but using the ArticleBundle it doesn't. But I don't know who to ask since on the Sulu slack I can't get an answer :frowning:
Thanks anyway

8

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.