Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CSHARP-5471: Incorrectly resolving the authentication mechanism param… #1605

Open
wants to merge 12 commits into
base: main
Choose a base branch
from
Open

CSHARP-5471: Incorrectly resolving the authentication mechanism param… #1605

wants to merge 12 commits into from
+40 −12

Conversation

papafe
Copy link
Contributor

@papafe papafe commented Jan 29, 2025

…eters from SRV connection string

@papafe papafe marked this pull request as ready for review January 29, 2025 13:22
@papafe papafe requested a review from a team as a code owner January 29, 2025 13:22
@papafe papafe requested review from JamesKovacs and sanych-sun and removed request for a team and JamesKovacs January 29, 2025 13:22
@papafe
Copy link
Contributor Author

papafe commented Jan 29, 2025
edited
Loading

Hey @sanych-sun, I've tagged you since it seems you've worked on this recently.
A couple of notes:

  • Not escaping the extra options while resolving the connection string seems to solve the issue.
  • This means that some tests were failing due to the fact that the stringified connection string after resolving is does not have escaped values. This seems to be a minor issue, as we still parse the string correctly internally.
  • I could not find anything in the specs about how should a resolved string look like, and even though Resolve is part of the public API, this could be seen as a bug fix.
  • This fix solves two different cases:
    1. authMechanismProperties=TOKEN_RESOURCE:mongodb%3A%2F%2Ftest-cluster, where the option is already escaped, but does not contain encoded commas
    2. authMechanismProperties=prop:ab%2Ccd%2Cef%2Cjh, where the option is already escaped and contains encoded commas

@papafe
Copy link
Contributor Author

papafe commented Mar 12, 2025

Hey @sanych-sun, did you have additional notes about this?

sanych-sun
sanych-sun requested changes Mar 20, 2025
View reviewed changes
src/MongoDB.Driver/Core/Configuration/ConnectionString.cs Outdated
@@ -761,7 +761,7 @@ private void ExtractOptions(Match match)
var parts = option.Value.Split('=');
var name = parts[0].Trim();
var value = parts[1].Trim();
_allOptions.Add(name, Uri.UnescapeDataString(value));
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I do not think this change is safe, as we are stopping decoding for all options and that options are available via public API, not just for building the resolved connection string.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would suggest either introduce new private collection to contain the unprocessed options (like a _rawOptions), or DO NOT escape/unescape only authmechanismproperties option to mimic what ParseOption does.

papafe
papafe commented Mar 27, 2025
View reviewed changes
src/MongoDB.Driver/Core/Configuration/ConnectionString.cs
@@ -697,16 +697,13 @@ private ConnectionString BuildResolvedConnectionString(ConnectionStringScheme re
private void ExtractScheme(Match match)
{
var schemeGroup = match.Groups["scheme"];
if (schemeGroup.Success)
if (schemeGroup.Success && schemeGroup.Value == "mongodb+srv")
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unrelated change, but I looked at it :)

papafe
papafe commented Mar 27, 2025
View reviewed changes
src/MongoDB.Driver/Core/Configuration/ConnectionString.cs
@@ -925,7 +922,7 @@ private void ParseOption(string name, string value)
_authMechanism = value;
break;
case "authmechanismproperties":
foreach (var property in GetAuthMechanismProperties(name, value))
foreach (var property in GetAuthMechanismProperties(name, value, _isInternalRepresentation))
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

_isInternalRepresentation has a strange name, but it's set to true only by one constructor. And this constructor is only called by BuildResolvedConnectionString.

@papafe papafe requested a review from sanych-sun March 27, 2025 12:44
@papafe papafe added the bug label Apr 2, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sanych-sun sanych-sun Awaiting requested review from sanych-sun

Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@papafe @sanych-sun