github-starred/pangolin
2
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-05-07 13:19:07 -05:00
Code Issues 564 Packages Projects Releases 72 Wiki Activity

[GH-ISSUE #96] Password starting with "!" results in a crash when starting pangolin container. #6081

New Issue
Closed
opened 2026-04-25 14:56:16 -05:00 by GiteaMirror · 7 comments
GiteaMirror commented 2026-04-25 14:56:16 -05:00
Owner
Copy Link

Originally created by @netxer on GitHub (Jan 22, 2025).
Original GitHub issue: https://github.com/fosrl/pangolin/issues/96

Error: Error loading configuration file: unknown tag !<!password> (46:1)

43 | email: sinofage@gmail.com
44 | password: !password
45 |
46 | flags:
------^
47 | require_email_verification: ...
48 | disable_signup_without_invi ...
at loadConfig (/app/server/lib/config.ts:163:27)
at Config.loadConfig (/app/server/lib/config.ts:173:27)
at new Config (/app/server/lib/config.ts:146:14)
at (/app/server/lib/config.ts:334:23)

Node.js v20.18.1

Originally created by @netxer on GitHub (Jan 22, 2025). Original GitHub issue: https://github.com/fosrl/pangolin/issues/96 Error: Error loading configuration file: unknown tag !<!password> (46:1) 43 | email: sinofage@gmail.com 44 | password: !password 45 | 46 | flags: ------^ 47 | require_email_verification: ... 48 | disable_signup_without_invi ... at loadConfig (/app/server/lib/config.ts:163:27) at Config.loadConfig (/app/server/lib/config.ts:173:27) at new Config (/app/server/lib/config.ts:146:14) at <anonymous> (/app/server/lib/config.ts:334:23) Node.js v20.18.1
GiteaMirror commented 2026-04-25 14:56:17 -05:00
Author
Owner
Copy Link

@miloschwartz commented on GitHub (Jan 22, 2025):

In YAML adding ! before a string indicates a tag or type. If you want to put ! in the beginning, you should surround the string with double quotes, like: password: "!password".

Also, this password will be rejected because it's not strong enough.

Admin Password: Must meet these requirements:

  • At least 8 characters
  • At least one uppercase letter
  • At least one lowercase letter
  • At least one digit
  • At least one special character
<!-- gh-comment-id:2607989575 --> @miloschwartz commented on GitHub (Jan 22, 2025): In YAML adding `!` before a string indicates a tag or type. If you want to put `!` in the beginning, you should surround the string with double quotes, like: `password: "!password"`. Also, this password will be rejected because it's not strong enough. Admin Password: Must meet these requirements: - At least 8 characters - At least one uppercase letter - At least one lowercase letter - At least one digit - At least one special character
GiteaMirror commented 2026-04-25 14:56:18 -05:00
Author
Owner
Copy Link

@netxer commented on GitHub (Jan 22, 2025):

"!password" isn't the real password, I have changed it from my original password that was inside the log.
But regardless of how strong or weak my password, there underling issue regarding there's no heads up on needing to add "" to the password, if you have ! as first latter in the password.
Don't think it's major issue but something should notify the end user he can't use ! as the first latter in password.

<!-- gh-comment-id:2608022323 --> @netxer commented on GitHub (Jan 22, 2025): "!password" isn't the real password, I have changed it from my original password that was inside the log. But regardless of how strong or weak my password, there underling issue regarding there's no heads up on needing to add "" to the password, if you have ! as first latter in the password. Don't think it's major issue but something should notify the end user he can't use ! as the first latter in password.
GiteaMirror commented 2026-04-25 14:56:18 -05:00
Author
Owner
Copy Link

@miloschwartz commented on GitHub (Jan 22, 2025):

That's fair, and I agree we should make this more clear. Did you use the installer script? I can update that script to use the quotes when creating the config files. I can also update the docs to use quotes in case someone copies.

<!-- gh-comment-id:2608026688 --> @miloschwartz commented on GitHub (Jan 22, 2025): That's fair, and I agree we should make this more clear. Did you use the installer script? I can update that script to use the quotes when creating the config files. I can also update the docs to use quotes in case someone copies.
GiteaMirror commented 2026-04-25 14:56:18 -05:00
Author
Owner
Copy Link

@netxer commented on GitHub (Jan 22, 2025):

Yea I used the automated installer.

<!-- gh-comment-id:2608028892 --> @netxer commented on GitHub (Jan 22, 2025): Yea I used the automated installer.
GiteaMirror commented 2026-04-25 14:56:20 -05:00
Author
Owner
Copy Link

@miloschwartz commented on GitHub (Jan 22, 2025):

I will update the docs, and update the installer to use quotes for the next release. Thanks for pointing this out

<!-- gh-comment-id:2608032767 --> @miloschwartz commented on GitHub (Jan 22, 2025): I will update the docs, and update the installer to use quotes for the next release. Thanks for pointing this out
GiteaMirror commented 2026-04-25 14:56:21 -05:00
Author
Owner
Copy Link

@ItsSK commented on GitHub (Jan 23, 2025):

I have also confirmed that any special character as the first letter in the password triggers a failed to-start pangolin, simply adding quotes around the password in the config/config.yml fixes the issue, it also would be ideal to not hardcode the password but pass it during runtime.

<!-- gh-comment-id:2609056035 --> @ItsSK commented on GitHub (Jan 23, 2025): I have also confirmed that any special character as the first letter in the password triggers a failed to-start pangolin, simply adding quotes around the password in the config/config.yml fixes the issue, it also would be ideal to not hardcode the password but pass it during runtime.
GiteaMirror commented 2026-04-25 14:56:21 -05:00
Author
Owner
Copy Link

@miloschwartz commented on GitHub (Jan 23, 2025):

it also would be ideal to not hardcode the password but pass it during runtime.

It's not well documented right now, but you can pass the password at runtime by setting the USERS_SERVERADMIN_PASSWORD environment variable. This will override anything in the config file.

<!-- gh-comment-id:2610219505 --> @miloschwartz commented on GitHub (Jan 23, 2025): > it also would be ideal to not hardcode the password but pass it during runtime. It's not well documented right now, but you can pass the password at runtime by setting the `USERS_SERVERADMIN_PASSWORD` environment variable. This will override anything in the config file.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
api
authentication
bug
config
dependencies
docker
documentation
enhancement
good first issue
help wanted
Improvement
Look Into
needs investigating
networking
new feature
non-critical bug
potential bug
pull-request
Mirrored from GitHub Pull Request
 question
reverse proxy
Security
stale
ui
wontfix
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/pangolin#6081
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?