From c666b20287d4aedd929899b6bb4f0c7065ea3d58 Mon Sep 17 00:00:00 2001 From: za-creature Date: Thu, 11 Apr 2013 19:57:03 +0300 Subject: [PATCH 1/5] Update connection-parameters.js MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The current connection url handling fails when the password contains encoded special characters: After the encodeURI, the special characters from the password are double encoded, and the password is rejected by postgres. Proposed fix handles one level of double encoding, and while it might break compatibility with passwords like "asdfg%77fgh" (which would've been escaped to asdfg%2577fgh before this patch), I strongly feel that maintaining backwards compatibility is in this case less important than following standards and discouraging bad coding practices. --- lib/connection-parameters.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/connection-parameters.js b/lib/connection-parameters.js index d6351701..c75515ab 100644 --- a/lib/connection-parameters.js +++ b/lib/connection-parameters.js @@ -17,7 +17,8 @@ var parse = function(str) { return { host: str }; } // url parse expects spaces encoded as %20 - str = encodeURI(str); + // however, we don't want to double-encode + str = encodeURI(str).replace(/\%25/g, "%"); var result = url.parse(str); var config = {}; config.host = result.hostname; From 5493a52793e424762803b300cf7b056fd2359328 Mon Sep 17 00:00:00 2001 From: za-creature Date: Thu, 11 Apr 2013 22:32:04 +0300 Subject: [PATCH 2/5] Update connection-parameters.js Different double-encode removal strategy --- lib/connection-parameters.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/connection-parameters.js b/lib/connection-parameters.js index c75515ab..aec183bb 100644 --- a/lib/connection-parameters.js +++ b/lib/connection-parameters.js @@ -18,7 +18,7 @@ var parse = function(str) { } // url parse expects spaces encoded as %20 // however, we don't want to double-encode - str = encodeURI(str).replace(/\%25/g, "%"); + str = encodeURI(str).replace(/\%25(\d\d)/g, "%$1"); var result = url.parse(str); var config = {}; config.host = result.hostname; From 20a2cbc810016ecbda0f6fb507a109addc682afa Mon Sep 17 00:00:00 2001 From: za-creature Date: Thu, 11 Apr 2013 22:47:32 +0300 Subject: [PATCH 3/5] Update creation-tests.js added unittest for urlencoded components --- test/unit/connection-parameters/creation-tests.js | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/test/unit/connection-parameters/creation-tests.js b/test/unit/connection-parameters/creation-tests.js index 6e73f7cd..2a4689ae 100644 --- a/test/unit/connection-parameters/creation-tests.js +++ b/test/unit/connection-parameters/creation-tests.js @@ -138,12 +138,21 @@ test('libpq connection string building', function() { assert.equal(subject.password, sourceConfig.password); }); - test('password contains weird characters', function() { - var strang = 'pg://my first name:is&%awesome!@localhost:9000'; + test('username or password contains weird characters', function() { + var strang = 'pg://my f%irst name:is&%awesome!@localhost:9000'; var subject = new ConnectionParameters(strang); - assert.equal(subject.user, 'my first name'); + assert.equal(subject.user, 'my f%irst name'); assert.equal(subject.password, 'is&%awesome!'); assert.equal(subject.host, 'localhost'); }); + + test("url is properly encoded", function() { + var encoded = "pg://bi%25na%25%25ry%20:s%40f%23@localhost/%20u%2520rl"; + var subject = new ConnectionParameters(encoded); + assert.equal(subject.user, "bi%na%%ry "); + assert.equal(subject.password, "s@f#"); + assert.equal(subject.host, 'localhost'); + assert.equal(subject.path, " u%20rl"); + }); }); From 264839d3a9c71f14334f469018d401bbae4a7bc9 Mon Sep 17 00:00:00 2001 From: za-creature Date: Thu, 11 Apr 2013 23:10:43 +0300 Subject: [PATCH 4/5] Update creation-tests.js connection exports 'database' instead of 'path' --- test/unit/connection-parameters/creation-tests.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/unit/connection-parameters/creation-tests.js b/test/unit/connection-parameters/creation-tests.js index 2a4689ae..f5f53350 100644 --- a/test/unit/connection-parameters/creation-tests.js +++ b/test/unit/connection-parameters/creation-tests.js @@ -152,7 +152,7 @@ test('libpq connection string building', function() { assert.equal(subject.user, "bi%na%%ry "); assert.equal(subject.password, "s@f#"); assert.equal(subject.host, 'localhost'); - assert.equal(subject.path, " u%20rl"); + assert.equal(subject.database, " u%20rl"); }); }); From b6ef157e8e23d78705b5d7ec6d9f85f69e74e6e1 Mon Sep 17 00:00:00 2001 From: za-creature Date: Thu, 11 Apr 2013 23:35:21 +0300 Subject: [PATCH 5/5] Update connection-parameters.js --- lib/connection-parameters.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/connection-parameters.js b/lib/connection-parameters.js index aec183bb..df11d1cb 100644 --- a/lib/connection-parameters.js +++ b/lib/connection-parameters.js @@ -22,7 +22,9 @@ var parse = function(str) { var result = url.parse(str); var config = {}; config.host = result.hostname; - config.database = result.pathname ? result.pathname.slice(1) : null; + // not sure if postgres allows symbols in database names + // but we should allow them just in case + config.database = result.pathname ? decodeURI(result.pathname.slice(1)) : null; var auth = (result.auth || ':').split(':'); config.user = auth[0]; config.password = auth[1];