BUG: no way to use passwords in connection url that would make the url invalid

Question

BUG: no way to use passwords in connection url that would make the url invalid

toby-farris-bd opened this issue a year ago · 3 comments

Description

If you attempt to use a url like

http://friend:#Mellon@Khazad-dum.west.gate

you'll get a runtime error that the url is invalid on line 91 of the configure.js file, because of new URL.... If you use encodeURIComponent to encode the url to get around this problem, the url will be double encoded at line 124, because of url.format.

So we have a catch 22.

Expected Behavior

invalid urls are accepted and work, or put the burden of making the url valid on the consumer and don't double encode.

Actual Behavior

See above in the description

Possible Fix

I'll put up a PR.

Steps to Reproduce

Context

Cannot use # in passwords, so rotating passwords is very problematic.

Your Environment

Version used: 17.0.2
Environment name and version (e.g. Chrome 39, node.js 5.4): node.js 16.14.0
Operating System and version (desktop or mobile): macOS, 14.0 (23A344)
Link to your project: private

Answer 1 · 2024-03-08T06:06:50.000Z

Hi @toby-farris-bd,
Thanks for reporting and offer of a PR. I'll also take a look later today. I'm curious as to what happens if you change the URL to http://friend:%23Mellon@Khazad-dum.west.gate

Answer 2 · 2024-03-08T08:31:59.000Z

http://friend:%2523Mellon@Khazad-dum.west.gate

I see it gets double encoded as you found

Answer 3 · 2024-03-11T12:31:11.000Z

Fixed in v18. Thank you for your help.