
Bug during registration. Registration form allows creating a user without a password.

Open kwn opened this issue 10 years ago • 0 comments

Hi,

I found an interesting bug. I'm not sure if it was reported before. Manipulating the HTML form allows passing validation and creating a user without plainPassword. That causes a Doctrine\DBAL\DBALException, with the message:

An exception occurred while executing 'INSERT INTO user (username, username_canonical, email, email_canonical, enabled, salt, password, last_login, locked, expired, expires_at, confirmation_token, password_requested_at, roles, credentials_expired, credentials_expire_at, facebook_id, facebook_access_token, created_at, updated_at, slug, firstname, lastname, location, bio, blog, subscription, lat, lng, pnsid, avatar_filename, device_id) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)' with params ["alotro2", "alotro2", "[email protected]", "[email protected]", 0, "lo97nfwfnwg488c8c0ok88gcw88ok00", null, null, 0, 0, null, "dOsnQmadmZZsWc7ccjizV-oharAi1NJEN-M-Ub6dOMw", null, "a:0:{}", 0, null, null, null, "2015-01-16 03:05:46", "2015-01-16 03:05:46", "alotro2", null, null, null, null, null, null, null, null, null, null, null]: SQLSTATE[23000]: Integrity constraint violation: 1048 Column 'password' cannot be null"

How to reproduce this bug? Let's say we've got a typical register form:

<form class="fos_user_registration_register" method="POST" action="/register/">
    <input type="text" class="form-control" maxlength="255" required="required" name="fos_user_registration_form[firstname]" id="fos_user_registration_form_firstname">
    <input type="text" class="form-control" maxlength="255" required="required" name="fos_user_registration_form[lastname]" id="fos_user_registration_form_lastname">
    <input type="email" class="form-control" required="required" name="fos_user_registration_form[email]" id="fos_user_registration_form_email">
    <input type="password" class="form-control" required="required" name="fos_user_registration_form[plainPassword][first]" id="fos_user_registration_form_plainPassword_first">
    <input type="password" class="form-control" required="required" name="fos_user_registration_form[plainPassword][second]" id="fos_user_registration_form_plainPassword_second">
    <input type="hidden" value="K1uqxX4rK6mKWRFutDoqraxjzBirVnuT51BBS8CDLoo" name="fos_user_registration_form[_token]" id="fos_user_registration_form__token">
    <input type="submit" class="btn btn-wd-primary" value="Zarejestruj">
</form>

What we need to do right now is:

  1. Remove fos_user_registration_form[plainPassword][second] input
  2. Change name in the first input from fos_user_registration_form[plainPassword][first] to fos_user_registration_form[plainPassword]
  3. Submit the form
  4. See what happens

kwn, Jan 16 '15 02:01
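
A server-side shape check for the repeated password field described in the report above, as an added example that is not part of the original issue or of FOSUserBundle. The function name `checkRepeatedPassword` and the sample request bodies are constructed for illustration; the field names are the ones from the form in the report.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical guard (not FOSUserBundle code): verify the shape of the
 * submitted repeated-password field before a user object is persisted.
 * Returns a list of error strings; an empty list means the field is acceptable.
 */
function checkRepeatedPassword(array $form): array
{
    $value = $form['plainPassword'] ?? null;

    // The repeated field must arrive as an array holding "first" and "second".
    // A scalar (or a missing key) is the manipulated request from the report.
    if (!is_array($value)) {
        return ['plainPassword must be submitted as [first] and [second]'];
    }
    $first  = $value['first']  ?? null;
    $second = $value['second'] ?? null;
    if (!is_string($first) || !is_string($second)) {
        return ['plainPassword[first] and plainPassword[second] are both required'];
    }
    if ($first === '') {
        return ['password must not be empty'];
    }
    if (!hash_equals($first, $second)) {
        return ['passwords do not match'];
    }
    return [];
}

// Constructed sample bodies, parsed the same way PHP fills $_POST.
$samples = [
    'normal form'      => 'fos_user_registration_form[email]=a%40example.test'
        . '&fos_user_registration_form[plainPassword][first]=s3cret-Pass'
        . '&fos_user_registration_form[plainPassword][second]=s3cret-Pass',
    'manipulated form' => 'fos_user_registration_form[email]=a%40example.test'
        . '&fos_user_registration_form[plainPassword]=s3cret-Pass',
];

foreach ($samples as $label => $body) {
    parse_str($body, $post);
    $errors = checkRepeatedPassword($post['fos_user_registration_form'] ?? []);
    printf("%-17s %s\n", $label . ':', $errors ? 'REJECT (' . $errors[0] . ')' : 'accept');
}
```

A check like this belongs in server-side validation, since the `required` attributes in the HTML form are enforced only by the browser.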