[COMPASS-6030] Inconsistent treatment of special characters in password in Connection string method and Wizard method Created: 18/Aug/22  Updated: 27/Oct/23  Resolved: 24/Aug/22

Status: Closed
Project: Compass
Component/s: Connectivity, UI / UX
Affects Version/s: 1.32.6
Fix Version/s: No version

Type: Bug Priority: Major - P3
Reporter: Felicia Hsieh Assignee: Unassigned
Resolution: Works as Designed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Atlas RS 5.0.10
macOS 12.5


Attachments: PNG File image-2022-08-17-19-49-50-991.png    
Documentation Changes: Not Needed

 Description   

Problem Statement/Rationale

What is going wrong? What action would you like the Engineering team to take?

Special characters in password are not behaving consistently and may prevent logging in.

Please be sure to attach relevant logs with any sensitive data redacted.

Steps to Reproduce

How could an engineer replicate the issue you’re reporting?

Create replica set 5.0.10

Create users with password using special character described in https://jira.mongodb.org/browse/COMPASS-2844

Passwords were 1 character in length for simplification.

Log in using those special characters in the Connection String method.

Also tested logging in using the Connection wizard under "Advanced Connection Options". Also saw ascii values/direct character typed in not consistently displayed in UI (in the connection string field being built).

Expected Results

What do you expect to happen?

To be able to log successfully with all valid special characters. Being able to log in was also compared and confirmed with mongosh and mongo shell. See MONGOSH-1289.

Actual Results

What do you observe is happening?

1. Can't log in with "/" "?" and "#" and equivalent ascii character replacement.

Error messages also vary.

This prevents users from logging in when the passwords includes these special characters. Tests were simplified by using 1 character password.

2. Error messages vary.

3. Typing in the character in the password field in "Advanced Connection Options" doesn't change into the ascii value above in the connection string field that is being built for "_", "!", "-", and "'" as with the other special characters. Behavior should be consistent.

Additional Notes

Any additional information that may be useful to include.

Item 1 Prevents users from logging in.
Item 2 and 3 are cosmetic.



 Comments   
Comment by Anna Henningsen [ 24/Aug/22 ]

felicia.hsieh@mongodb.com Okay, we got the original message from the customer.

This is working as designed. Some special characters need to be escaped using percent encoding when included in URLs. Specifically, according to the specification for URLs, these are:

: / ? # [ ] @

The Password field in the Advanced Connection Tabs will always contain the literal password. The connection string must contain a representation of the password in which special characters are escaped. Compass may escape more characters than are strictly necessary when entering passwords through the Password field; currently, those are all characters except

A-Z a-z 0-9 - _ . ! ~ * ' ( )

This does not affect the validity of the password, and this set of characters may vary over time. For example, mongodb://test:%24b%C3%A4r@localhost/ and mongodb://test:$bär@localhost/ contain different representations of the same username/password combination.

Comment by Anna Henningsen [ 23/Aug/22 ]

felicia.hsieh@mongodb.com Do you have log files or screenshots? Did you/the user enter the literal password (unescaped) into the connection string field? If yes, then this is expected behavior, since connection strings are formatted as URLs and special characters need to be escaped in URLs.

Generated at Wed Feb 07 22:41:39 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.