Fix missing admin_password_check validation in

setup form
2026-05-24 09:28:37 +00:00 · 2023-11-23 12:59:57 +00:00 · 2023-11-23 12:59:57 +00:00 · 3269e7ec54
commit 3269e7ec54
parent f92e327577
2 changed files with 19 additions and 36 deletions
--- a/src/ui/main.py
+++ b/src/ui/main.py
@ -362,7 +362,7 @@ def setup():
            flash("Missing form data.", "error")
            return redirect(url_for("setup"))

-        if not any(key in request.form for key in ("admin_username", "admin_password", "server_name", "hostname")):
+        if not any(key in request.form for key in ("admin_username", "admin_password", "admin_password_check", "server_name", "hostname")):
            flash("Missing either admin_username, admin_password, server_name or hostname parameter.", "error")
            return redirect(url_for("setup"))

@ -372,6 +372,10 @@ def setup():
            flash("The admin username is too long. It must be less than 256 characters.", "error")
            error = True

+        if request.form["admin_password"] != request.form["admin_password_check"]:
+            flash("The passwords do not match.", "error")
+            error = True
+
        if not USER_PASSWORD_RX.match(request.form["admin_password"]):
            flash("The admin password is not strong enough. It must contain at least 8 characters, including at least 1 uppercase letter, 1 lowercase letter, 1 number and 1 special character (#@?!$%^&*-).", "error")
            error = True
--- a/src/ui/templates/setup.html
+++ b/src/ui/templates/setup.html
@ -97,11 +97,11 @@
              >
                Username
              </h5>
-              <label class="sr-only" for="ADMIN_USERNAME">Username</label>
+              <label class="sr-only" for="admin_username">Username</label>
              <input
                type="text"
-                id="ADMIN_USERNAME"
-                name="ADMIN_USERNAME"
+                id="admin_username"
+                name="admin_username"
                class="col-span-12 dark:border-slate-600 dark:bg-slate-700 dark:text-gray-300 disabled:opacity-75 focus:valid:border-green-500 focus:invalid:border-red-500 outline-none focus:border-primary text-sm leading-5.6 ease block w-full appearance-none rounded-lg border border-solid border-gray-300 bg-white bg-clip-padding px-4 py-2 font-normal text-gray-700 transition-all placeholder:text-gray-500"
                placeholder="enter username"
                value="{{ username }}"
@ -118,11 +118,11 @@
              >
                Password
              </h5>
-              <label class="sr-only" for="ADMIN_PASSWORD">Password</label>
+              <label class="sr-only" for="admin_password">Password</label>
              <input
                type="password"
-                id="ADMIN_PASSWORD"
-                name="ADMIN_PASSWORD"
+                id="admin_password"
+                name="admin_password"
                class="col-span-12 dark:border-slate-600 dark:bg-slate-700 dark:text-gray-300 disabled:opacity-75 focus:valid:border-green-500 focus:invalid:border-red-500 outline-none focus:border-primary text-sm leading-5.6 ease block w-full appearance-none rounded-lg border border-solid border-gray-300 bg-white bg-clip-padding px-4 py-2 font-normal text-gray-700 transition-all placeholder:text-gray-500"
                placeholder="enter password"
                value="{{ password }}"
@ -139,13 +139,13 @@
              >
                Confirm Password
              </h5>
-              <label class="sr-only" for="ADMIN_PASSWORD_CHECK"
+              <label class="sr-only" for="admin_password_check"
                >Confirm Password</label
              >
              <input
                type="password"
-                id="ADMIN_PASSWORD_CHECK"
-                name="ADMIN_PASSWORD_CHECK"
+                id="admin_password_check"
+                name="admin_password_check"
                class="col-span-12 dark:border-slate-600 dark:bg-slate-700 dark:text-gray-300 disabled:opacity-75 focus:valid:border-green-500 focus:invalid:border-red-500 outline-none focus:border-primary text-sm leading-5.6 ease block w-full appearance-none rounded-lg border border-solid border-gray-300 bg-white bg-clip-padding px-4 py-2 font-normal text-gray-700 transition-all placeholder:text-gray-500"
                placeholder="confirm password"
                value="{{ password }}"
@ -162,11 +162,11 @@
              >
                Hostname
              </h5>
-              <label class="sr-only" for="HOSTNAME">Hostname</label>
+              <label class="sr-only" for="hostname">Hostname</label>
              <input
                type="text"
-                id="HOSTNAME"
-                name="HOSTNAME"
+                id="hostname"
+                name="hostname"
                class="col-span-12 dark:border-slate-600 dark:bg-slate-700 dark:text-gray-300 disabled:opacity-75 focus:valid:border-green-500 focus:invalid:border-red-500 outline-none focus:border-primary text-sm leading-5.6 ease block w-full appearance-none rounded-lg border border-solid border-gray-300 bg-white bg-clip-padding px-4 py-2 font-normal text-gray-700 transition-all placeholder:text-gray-500"
                placeholder="enter hostname"
                pattern="^https?:\/\/([a-zA-Z0-9.\u002D]{1,255}(:((6553[0-5])|(655[0-2][0-9])|(65[0-4][0-9]{2})|(6[0-4][0-9]{3})|([1-5][0-9]{4})|([0-5]{0,5})|([0-9]{1,4})))?)(\/.*)?$"
@ -184,8 +184,8 @@
              <label class="sr-only" for="server_names">server name</label>
              <input
                type="text"
-                id="server_names"
-                name="server_names"
+                id="server_name"
+                name="server_name"
                class="col-span-12 dark:border-slate-600 dark:bg-slate-700 dark:text-gray-300 disabled:opacity-75 focus:valid:border-green-500 focus:invalid:border-red-500 outline-none focus:border-primary text-sm leading-5.6 ease block w-full appearance-none rounded-lg border border-solid border-gray-300 bg-white bg-clip-padding px-4 py-2 font-normal text-gray-700 transition-all placeholder:text-gray-500"
                placeholder="app1.example.com"
                minlength="1"
@ -193,27 +193,6 @@
              />
            </div>
            <!-- end server name-->
-            <!-- server name-->
-            <div class="flex flex-col relative col-span-12 my-3">
-              <h5
-                class="text-lg my-1 transition duration-300 ease-in-out dark:opacity-90 text-md font-bold m-0 dark:text-gray-300"
-              >
-                Reverse proxy path
-              </h5>
-              <label class="sr-only" for="reverse_proxy_path"
-                >Reverse proxy path</label
-              >
-              <input
-                type="text"
-                id="reverse_proxy_path"
-                name="reverse_proxy_path"
-                class="col-span-12 dark:border-slate-600 dark:bg-slate-700 dark:text-gray-300 disabled:opacity-75 focus:valid:border-green-500 focus:invalid:border-red-500 outline-none focus:border-primary text-sm leading-5.6 ease block w-full appearance-none rounded-lg border border-solid border-gray-300 bg-white bg-clip-padding px-4 py-2 font-normal text-gray-700 transition-all placeholder:text-gray-500"
-                placeholder="/path"
-                minlength="1"
-                required
-              />
-            </div>
-            <!-- end server name-->
            <div class="flex justify-center">
              <button
                type="submit"