Skip to content

Fix handling of mysql passwords with weird characters in it #2660

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 10 commits into
base: main
Choose a base branch
from
Open

Fix handling of mysql passwords with weird characters in it #2660

wants to merge 10 commits into from

Conversation

eldering
Copy link
Member

The password is passed inside the environment variable DATABASE_URL which is URI-like. However, it must be URL encoded there if it contains any strange characters, like a space, %, etc.

Also add a handy command dj_setup_database update-password that reset the MySQL database user password to what it currently in etc/dbpassword.secret, and handle weird passwords in this script. This script is now bash, and should probably be rewritten in PHP or so.

@eldering eldering force-pushed the fix-mysql-password branch 2 times, most recently from 169aa03 to ba630f7 Compare August 25, 2024 17:22
vmcj
vmcj reviewed Aug 25, 2024
View reviewed changes
@eldering eldering force-pushed the fix-mysql-password branch from ba630f7 to 0dc1deb Compare August 25, 2024 17:41
@eldering eldering closed this Aug 25, 2024
@eldering eldering force-pushed the fix-mysql-password branch from 0dc1deb to 9f12b77 Compare August 25, 2024 19:04
@eldering eldering reopened this Aug 25, 2024
@eldering eldering force-pushed the fix-mysql-password branch 3 times, most recently from 0cb10aa to e371261 Compare August 25, 2024 19:45
@eldering eldering mentioned this pull request Nov 22, 2024
Closed
@eldering eldering force-pushed the fix-mysql-password branch 7 times, most recently from 281bcfa to 23b48a9 Compare November 24, 2024 15:04
@eldering eldering mentioned this pull request Nov 25, 2024
Merged
@eldering eldering force-pushed the fix-mysql-password branch 8 times, most recently from 25b2a01 to 712afd2 Compare November 27, 2024 00:14
eldering added 2 commits July 5, 2025 21:54
@eldering
URL encode variables that go into a MySQL credentials URI
7ce8d16 
See for reference:
- https://dev.mysql.com/doc/refman/8.0/en/connecting-using-uri-or-key-value-pairs.html#connecting-using-uri
- https://symfony.com/doc/current/doctrine.html
but note that we must use `rawurlencode` instead of `urlencode` which
differ in how they encode a space (as tested).

Fixes: #2651
Closes: #2502 as this is likely fixed but I couldn't reproduce it
@eldering
Fixes for supporting passwords with weird characters
49357f1 
Use URL encoding in DATABASE_URL and return mysql_options
as an array (via ugly global variable), so each element
in it can be separately added to the command line using
`@` for expansion.

Because of changing the script to bash, also reverts some
of the changes in 483200a.
eldering added 8 commits July 5, 2025 21:54
@eldering
Set a more grep-able mysql root password in CI jobs, drop domjudge user
f832b11 
The domjudge mysql user should be created by our setup
scripts, so that we test these and need to set the password
only in one place.

Also don't explicitly pass root user/password to dj_setup_database
script. It will infer it from `~/.my.cnf`.

Rename mysql_root to mysql_log helper to clarify behaviour.
@eldering
Test plenty of weird characters in CI job MySQL password
32e2ec5
@eldering
Use our standard script to create database
f216b06
@eldering
Call read_dbpasswords outside of update_passwords function
cc8f0e5 
This is consistent with all the other functions.
@eldering
DEBUG
1882b26
@eldering
Don't pass DBUSER/PASSWD to symfony_console, always construct URL
428621d
@eldering
DEBUG simple password
b7e0ca2
@eldering
Set a more grep-able admin password
ba598f9
@eldering eldering force-pushed the fix-mysql-password branch from 712afd2 to ba598f9 Compare July 5, 2025 19:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vmcj vmcj vmcj left review comments

@nickygerritsen nickygerritsen nickygerritsen approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@eldering @nickygerritsen @vmcj
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy