user and pass should be decoded when parsing #9
Comments
vkarpov15
added a commit
to Automattic/mongoose
that referenced
this issue
Jan 16, 2017
OmarElgabry
added a commit
to OmarElgabry/chat.io
that referenced
this issue
Feb 22, 2017
The username and password in the database URI may contain characters that breaks (has special meaning). If so, they should be encoded, Why? Because any operation done by Mongoose (like parsing or splitting the URI) may result in error since the URI contains characters that has special meaning. Therefore we need to encode the username an password in the URI and send URI to Mongoose, which in turn will decode both the username and password right before sending the URI to the MongoDb server. - Issue: aheckmann/muri#9 - replica set: https://docs.mongodb.com/manual/reference/glossary/#term-replica-set
OmarElgabry
added a commit
to OmarElgabry/chat.io
that referenced
this issue
Feb 22, 2017
The username and password in the database URI may contain characters that break (has special meaning). If so, they should be encoded, Why? Because any operation done by Mongoose (like parsing or splitting the URI) may result in error since the URI contains characters that has special meaning. Therefore we need to encode the username an password in the URI and send URI to Mongoose, which in turn will decode both the username and password (so Mongoose expects them to be encoded already) right before sending the URI to the MongoDb server. - Issue: aheckmann/muri#9 - replica set: https://docs.mongodb.com/manual/reference/glossary/#term-replica-set
dmfila
added a commit
to dmfila/chat.io
that referenced
this issue
Jul 20, 2019
The username and password in the database URI may contain characters that break (has special meaning). If so, they should be encoded, Why? Because any operation done by Mongoose (like parsing or splitting the URI) may result in error since the URI contains characters that has special meaning. Therefore we need to encode the username an password in the URI and send URI to Mongoose, which in turn will decode both the username and password (so Mongoose expects them to be encoded already) right before sending the URI to the MongoDb server. - Issue: aheckmann/muri#9 - replica set: https://docs.mongodb.com/manual/reference/glossary/#term-replica-set
naumanjadev
added a commit
to naumanjadev/Chat-App
that referenced
this issue
Mar 14, 2024
The username and password in the database URI may contain characters that break (has special meaning). If so, they should be encoded, Why? Because any operation done by Mongoose (like parsing or splitting the URI) may result in error since the URI contains characters that has special meaning. Therefore we need to encode the username an password in the URI and send URI to Mongoose, which in turn will decode both the username and password (so Mongoose expects them to be encoded already) right before sending the URI to the MongoDb server. - Issue: aheckmann/muri#9 - replica set: https://docs.mongodb.com/manual/reference/glossary/#term-replica-set
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Consider this connection strings:
The
useris x.509 certificate subject compatible with RFC2253.The first URI is invalid because the
useris not encoded and conflict with comma separator for replica set. The later one is correct butmuridoes not decode it. So it simply returnCN%3Dnodejs-api.host.com%2COU%3DIT%2CO%3DOrg%2CL%3DCity%2CST%3DState%2CC%3DMYto the caller, which will then pass to the MongoDb server before rejecting with something like user not found because you know, the un-encoded and encoded string is never the same.Please consider using
decodeURIComponent()to support not only special character inpasswordbut also to verify client certificate in TLS/SSL connection.The MongoDb native driver for NodeJs also ask to encode it.
Related to #6
The text was updated successfully, but these errors were encountered: