Joomla! Issue Tracker | Joomla! CMS #37629 - [4.x] CLI create user password validation

No Code Attached Yet bug

New
Medium
Build: 4.1-dev
# 37629

brianteeman
23 Apr 2022

Steps to reproduce the issue

create a user using the cli
php cli/joomla.php user:add

follow the questions to create a user.

Add user
========

 Please enter a username:
 > ss

 Please enter a name (full name of user):
 > ss

 Please enter an email address:
 > ss@ss

 Please enter a password:
 > ss

Expected result

minimum validation rules apply

Actual result

possible to create a user with a 1 character password

brianteeman - open - 23 Apr 2022

joomla-cms-bot - change - 23 Apr 2022

Labels

Added: No Code Attached Yet

joomla-cms-bot - labeled - 23 Apr 2022

zero-24 - comment - 23 Apr 2022

Yes looks like there is no validation at all here: https://github.com/joomla/joomla-cms/blob/4.1-dev/libraries/src/Console/AddUserCommand.php#L130

Not sure whether it makes sense to just hardcode the validation there but maybe better implement the checks for the existing validation rules and XML files. Or is there a reason to specificly not implement the xml validation rules via the CLI?

brianteeman - comment - 23 Apr 2022

not sure if I care if it follows the exact site defined rules or just something a little more than just a single character

PhilETaylor - comment - 24 Apr 2022

That's what happens when @joomla/security team does no work for 2 years... #29817

Hackwar - change - 17 Feb 2023

Labels

Added: bug

Hackwar - labeled - 17 Feb 2023

Add a Comment

Older
Newer

Joomla! Issue Tracker - CMS

[#37629] - [4.x] CLI create user password validation

Steps to reproduce the issue

Expected result

Actual result

Add a Comment