uapi mysql create_user password issues

[katmai]

It seems like the uapi password function doesn't properly sanitize the password input. If i create an account with this complex password:

uapi --user=katmai Mysql create_user name=katmai_user password=__87%smiled%TASTE%fiji%13__

ill get an access denied trying to login to the database.

If i make the password slightly less complex such as:
uapi --user=katmai Mysql create_user name=katmai_user password=BlaBlaNow2@

it all works just fine.

 

[cPanelLauren]

Hi @katmai

This is because you're not properly URI encoding the password. The % is a reserved character and needs to be represented as %25 when creating the password. So on creation it should look as follows:

__87%25smiled%25TASTE%25fiji%2513__

Then when logging in you can use the password as you originally intended:

__87%smiled%TASTE%fiji%13__

I tested this on my server and it worked without issues

[root@server ~]# uapi --user=myuser Mysql create_user name=myuser_atest3 password="__87%25smiled%25TASTE%25fiji%2513__"
[2019-06-10 12:34:51 -0500] info [uapi] ---debug_hooks---
[2019-06-10 12:34:51 -0500] info [uapi]             msg: No hooks found for traversed context
[2019-06-10 12:34:51 -0500] info [uapi]         context: Cpanel::UAPI::Mysql::create_user
[2019-06-10 12:34:51 -0500] info [uapi]           stage: pre
[2019-06-10 12:34:51 -0500] info [uapi] ---debug_hooks---
[2019-06-10 12:34:51 -0500] info [uapi]             msg: No hooks found for traversed context
[2019-06-10 12:34:51 -0500] info [uapi]         context: Cpanel::UAPI::Mysql::create_user
[2019-06-10 12:34:51 -0500] info [uapi]           stage: post
---
apiversion: 3
func: create_user
module: Mysql
result:
  data: ~
  errors: ~
  messages: ~
  metadata: {}

  status: 1
  warnings: ~

Then logged in:

[root@server ~]# mysql -u myuser_atest3 -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 351215
Server version: 10.3.13-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]>

This is noted in the UAPI documentation here: UAPI Functions - Mysql::create_user - Developer Documentation - cPanel Documentation

Notes:

• You must URI-encode values.
• username represents your account-level username.
• For more information and additional output options, read our Guide to UAPI documentation or run the uapi --help command.
• If you run CloudLinux™, you must use the full path of the uapi command:
  
  /usr/local/cpanel/bin/uapi