[SERVER-26585] mongo shell does not URL-decode password from connection URI Created: 11/Oct/16 Updated: 21/Mar/18 Resolved: 27/Feb/18 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Shell |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | David Percy | Assignee: | Sara Golemon |
| Resolution: | Won't Fix | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Operating System: | ALL |
| Participants: |
| Description |
|
I was trying to connect to a mongod with a password that happens to contain special characters. These special characters are supposed to be URL-encoded in the connection URI. For example, if the password is pass%word the connection URI should be mongodb://root:pass%25word@localhost:27017/test. Using db.auth shows that the password contains a special character:
The shell accepts this incorrect connection URI:
The shell does not accept this correct connection URI:
Relevant part of the connection URI spec:
|
| Comments |
| Comment by Sara Golemon [ 27/Feb/18 ] | ||||||
|
As stated earlier, this functionality is present in 3.4 and later. | ||||||
| Comment by Chibuikem Amaechi [ 22/Jan/18 ] | ||||||
|
No prob. If no further work is needed on my end, I'll leave this ticket alone. - Chibuikem. A | ||||||
| Comment by Sara Golemon [ 22/Jan/18 ] | ||||||
|
Oh! My bad, I didn't notice you were different people. | ||||||
| Comment by Chibuikem Amaechi [ 22/Jan/18 ] | ||||||
|
Hi Sara, I believe it was David Percy who reported this issue, I'm just a contributor who happened to come across this ticket and decided to take a look into it. | ||||||
| Comment by Sara Golemon [ 22/Jan/18 ] | ||||||
|
Hi, thanks for pointing this out! As background, the mongodb:// URI parser was heavily refactored in 3.6.0 and that refactor has already been backported to the soon to be released 3.4.11. Unfortunately, bringing that fix to 3.2 raises an unacceptable level of complexity for a stable release, so we opted not to go that far. Your proposed fix is probably safe enough, though it's also a bit more blunt than the problem calls for. I'll look into the feasibility of applying just the uri decode portions of the mongodb:// uri parser rewrite to the v3.2 branch. In the mean time, if there's any way you can use the 3.6 client (it won't require upgrading your servers), that version is ready to go now and will behave the way you want. | ||||||
| Comment by Chibuikem Amaechi [ 13/Jan/18 ] | ||||||
|
My proposed change would be to add the following fragment of code inside the
Please share your thoughts. |