pagemachine/hairu

Problem with "Repeat password: The given values are not equal." on password change form

julrich opened this issue · 3 comments

We're consistently receiving the following errors when submitting the password change form:

There where some errors with your input:
- Repeat password: The given values are not equal.

Upon inspecting, the field values in the frontend are generated / replaced by rsaauth, I think starting with an XHR to index.php?eID=RsaPublicKeyGenerationController.
Both <input type="password">-fields receive differing, rsa-encrypted values (e.g. "rsa:...").
Those are then sent to the PasswordController.php, which adds its $passwordRepeatArgumentValidator here:
https://github.com/pagemachine/hairu/blob/306b36c/Classes/Controller/PasswordController.php#L59

This results in the EqualValidator.php later having a falsy value for $valueIsValid here:
https://github.com/pagemachine/hairu/blob/306b36c/Classes/Validation/Validator/EqualValidator.php#L50
because the two values here ($value & $otherValue) are still the differing values sent by the frontend. Should those be decrypted on the backend-side before comparing? Or is the expectation here that the frontend should never send those encrypted values?

We're running TYPO3 8.7.15 with rsaauth in corresponding version 8.7.15 and hairu in version 2.1.0.
We are using felogin (also in corresponding 8.7.15 version) in addition for the login forms, if that could possibly make a difference.
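
The mismatch reported above, reproduced as an added example (not code from hairu, rsaauth or this thread): with randomized RSA padding, the same password encrypted twice gives two different ciphertexts, so an equality check only works on the decrypted values. Assumptions: PKCS#1 v1.5 padding, base64 after the `rsa:` prefix, and the hypothetical helpers `encryptField()` and `decryptField()`; the key pair and password are constructed samples.

```php
<?php
declare(strict_types=1);

// Constructed key pair standing in for the one the server issues to the form.
$keyPair = openssl_pkey_new([
    'private_key_bits' => 2048,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
]);
if ($keyPair === false) {
    throw new RuntimeException('Key generation failed: ' . openssl_error_string());
}
$publicKey = openssl_pkey_get_details($keyPair)['key'];

/** Hypothetical helper: what the browser side does to one field value. */
function encryptField(string $plain, string $publicKey): string
{
    // PKCS#1 v1.5 padding inserts random bytes, so every call differs (assumption).
    if (!openssl_public_encrypt($plain, $cipher, $publicKey, OPENSSL_PKCS1_PADDING)) {
        throw new RuntimeException('Encryption failed: ' . openssl_error_string());
    }
    return 'rsa:' . base64_encode($cipher);
}

/** Hypothetical helper: server-side decryption; null for malformed input. */
function decryptField(string $value, $privateKey): ?string
{
    if (strncmp($value, 'rsa:', 4) !== 0) {
        return null; // not an encrypted field value
    }
    $cipher = base64_decode(substr($value, 4), true);
    if ($cipher === false
        || !openssl_private_decrypt($cipher, $plain, $privateKey, OPENSSL_PKCS1_PADDING)) {
        return null;
    }
    return $plain;
}

// The user types the same password into both fields (constructed sample).
$password       = encryptField('correct horse battery staple', $publicKey);
$passwordRepeat = encryptField('correct horse battery staple', $publicKey);

// Comparing the submitted values: this is the check that rejects the form.
var_dump($password === $passwordRepeat);

// Comparing after decryption, in constant time, rejecting undecryptable input.
$a = decryptField($password, $keyPair);
$b = decryptField($passwordRepeat, $keyPair);
var_dump($a !== null && $b !== null && hash_equals($a, $b));
```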

Thanks for the detailed research here; the issue has now been fixed and will be part of the next release.

The new version (2.1.1) is available via Composer now. Upload to TER is currently not working but the release will be uploaded as soon as this is fixed.

The issues have been resolved, version 2.1.1 is uploaded to TER.