[COMPASS-6030] Inconsistent treatment of special characters in password in Connection string method and Wizard method Created: 18/Aug/22 Updated: 27/Oct/23 Resolved: 24/Aug/22 |
|
| Status: | Closed |
| Project: | Compass |
| Component/s: | Connectivity, UI / UX |
| Affects Version/s: | 1.32.6 |
| Fix Version/s: | No version |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Felicia Hsieh | Assignee: | Unassigned |
| Resolution: | Works as Designed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
Atlas RS 5.0.10 |
||
| Attachments: |
|
| Documentation Changes: | Not Needed |
| Description |
Problem Statement/RationaleWhat is going wrong? What action would you like the Engineering team to take? Special characters in password are not behaving consistently and may prevent logging in. Please be sure to attach relevant logs with any sensitive data redacted. Steps to ReproduceHow could an engineer replicate the issue you’re reporting? Create replica set 5.0.10 Create users with password using special character described in https://jira.mongodb.org/browse/COMPASS-2844 Passwords were 1 character in length for simplification. Log in using those special characters in the Connection String method. Also tested logging in using the Connection wizard under "Advanced Connection Options". Also saw ascii values/direct character typed in not consistently displayed in UI (in the connection string field being built). Expected Results What do you expect to happen? To be able to log successfully with all valid special characters. Being able to log in was also compared and confirmed with mongosh and mongo shell. See MONGOSH-1289. Actual ResultsWhat do you observe is happening? 1. Can't log in with "/" "?" and "#" and equivalent ascii character replacement. Error messages also vary. This prevents users from logging in when the passwords includes these special characters. Tests were simplified by using 1 character password. 2. Error messages vary. 3. Typing in the character in the password field in "Advanced Connection Options" doesn't change into the ascii value above in the connection string field that is being built for "_", "!", "-", and "'" as with the other special characters. Behavior should be consistent. Additional NotesAny additional information that may be useful to include. Item 1 Prevents users from logging in. |
| Comments |
| Comment by Anna Henningsen [ 24/Aug/22 ] |
|
felicia.hsieh@mongodb.com Okay, we got the original message from the customer. This is working as designed. Some special characters need to be escaped using percent encoding when included in URLs. Specifically, according to the specification for URLs, these are: : / ? # [ ] @ The Password field in the Advanced Connection Tabs will always contain the literal password. The connection string must contain a representation of the password in which special characters are escaped. Compass may escape more characters than are strictly necessary when entering passwords through the Password field; currently, those are all characters except A-Z a-z 0-9 - _ . ! ~ * ' ( ) This does not affect the validity of the password, and this set of characters may vary over time. For example, mongodb://test:%24b%C3%A4r@localhost/ and mongodb://test:$bär@localhost/ contain different representations of the same username/password combination. |
| Comment by Anna Henningsen [ 23/Aug/22 ] |
|
felicia.hsieh@mongodb.com Do you have log files or screenshots? Did you/the user enter the literal password (unescaped) into the connection string field? If yes, then this is expected behavior, since connection strings are formatted as URLs and special characters need to be escaped in URLs. |