Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(url parser): preserve auth creds when composing conn string #1640

Merged
merged 5 commits into from
Jan 19, 2018
Merged

fix(url parser): preserve auth creds when composing conn string #1640

merged 5 commits into from
Jan 19, 2018

Conversation

jlord
Copy link
Contributor

@jlord jlord commented Jan 17, 2018

Preserve the auth credentials used with a dns/txt record uri when composing a new connection string for the url parser.

This fix will also be backported to 2.2 which got support for dns/txt records.

NODE-1286

daprahamian
daprahamian suggested changes Jan 17, 2018
View reviewed changes
lib/url_parser.js Outdated
@@ -49,7 +49,8 @@ module.exports = function(url, options, callback) {
}

let connectionStrings = addresses.map(function(address, i) {
if (i === 0) return `mongodb://${address.name}:${address.port}`;
let base = result.auth ? `mongodb://${result.auth}@` : `mongodb://`;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you compute base outside of the loop so that you don't do it on every iteration?

@jlord jlord requested a review from mbroadst January 17, 2018 16:24
This was referenced Jan 17, 2018
Merged
Merged
Merged
@jlord jlord merged commit eddca5e into 3.0.0 Jan 19, 2018
@jlord jlord deleted the keepauth-dns branch January 19, 2018 13:35
@jlord jlord mentioned this pull request Jan 22, 2018
Merged
@IrishAfrican
Copy link

This still doesn't seem to work correctly for me.
If you have a URIEncoded Password in a connection string like such:

mongodb+srv://test-user:3#f![email protected]/mytestdb

becoming:

mongodb+srv://test-user:3%23f![email protected]/mytestdb

when parser.parse returns the parsed object it decodes the password to be '3#f!69A8AZu9',
but the code later that tries to decode and re-encode the password (to determine if the pwd was encoded correctly) fails as the password had already been decoded by the parser.parse method.

Note that the new NodeJS URL API whereby one says:

let myUrl = URL(the_url)
myUrl.password

behaves differently and does not decode the password

@jlord
Copy link
Contributor Author

jlord commented Feb 2, 2018

@IrishAfrican thanks so much for reporting this! I've made a ticket for us in JIRA and we'll make the fix 👍

https://jira.mongodb.org/browse/NODE-1309

@IrishAfrican
Copy link

Thanks Jessica.

On a different but related issue, the latest driver may have a problem with the case whereby the auth database and the database being connected to, no longer works correctly, or at least not from 3rd party systems such as Mongoose.

The MongoDB Atlas, says that even on a v3.6 compliant driver I should use the /mytestdb syntax to set my database name even though I authenticate against the admin database as shown in my example previously

mongodb+srv://test-user:3#f![email protected]/mytestdb

In the case of Mongoose they use the MongoDB driver library url_parser to parse the URL and get the DB name. In the latest version of the driver this seems to return 'admin'.

If I use the 3.4 syntax as shown below it seems to work fine:

mongodb://test-user:3#f![email protected]:27017,cluster0-shard-00-01-abcde.mongodb.net:27017,cluster0-shard-00-02-abcde.mongodb.net:27017/mytestdb?ssl=true&replicaSet=cluster0-shard-0&authSource=admin

I am not sure if you would consider this a bug as it does not seem that the URL Parser is supposed to be a public API, but the url_parser does seem to have code that tries to set dbName to something other than its default of 'admin' in certain cases, and it works for the 3.4 syntax so I am assuming it is a bug.

Obviously, if you feel that this is not a bug and Mongoose should not be using the MongoDB parser I will log an issue on their side.

Thanks

@mbroadst
Copy link
Member

mbroadst commented Feb 5, 2018

@IrishAfrican please file a ticket on JIRA to discuss this, thanks!

@IrishAfrican
Copy link

Cool, have done: NODE-1321

This was referenced Mar 8, 2018
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@daprahamian daprahamian daprahamian approved these changes

@mbroadst mbroadst mbroadst approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@jlord @IrishAfrican @mbroadst @daprahamian