Merge pull request #986 from ParsePlatform/mongo-uri-encode-auth

Add URI encoding to mongo auth parameters
parse-community · Mar 17, 2016 · 14d3062 · 14d3062
2 parents 5c8ad83 + 530fad5
commit 14d3062
Show file tree

Hide file tree

Showing 4 changed files with 1,046 additions and 1 deletion.
diff --git a/spec/MongoStorageAdapter.spec.js b/spec/MongoStorageAdapter.spec.js
@@ -0,0 +1,37 @@
+'use strict';
+
+const MongoStorageAdapter = require('../src/Adapters/Storage/Mongo/MongoStorageAdapter');
+const MongoClient = require('mongodb').MongoClient;
+
+describe('MongoStorageAdapter', () => {
+  it('auto-escapes symbols in auth information', () => {
+    spyOn(MongoClient, 'connect').and.returnValue(Promise.resolve(null));
+    new MongoStorageAdapter('mongodb://user!with@+ symbols:password!with@+ symbols@localhost:1234/parse', {})
+      .connect();
+    expect(MongoClient.connect).toHaveBeenCalledWith(
+      'mongodb://user!with%40%2B%20symbols:password!with%40%2B%20symbols@localhost:1234/parse',
+      jasmine.any(Object)
+    );
+  });
+
+  it("doesn't double escape already URI-encoded information", () => {
+    spyOn(MongoClient, 'connect').and.returnValue(Promise.resolve(null));
+    new MongoStorageAdapter('mongodb://user!with%40%2B%20symbols:password!with%40%2B%20symbols@localhost:1234/parse', {})
+      .connect();
+    expect(MongoClient.connect).toHaveBeenCalledWith(
+      'mongodb://user!with%40%2B%20symbols:password!with%40%2B%20symbols@localhost:1234/parse',
+      jasmine.any(Object)
+    );
+  });
+
+  // https://github.com/ParsePlatform/parse-server/pull/148#issuecomment-180407057
+  it('preserves replica sets', () => {
+    spyOn(MongoClient, 'connect').and.returnValue(Promise.resolve(null));
+    new MongoStorageAdapter('mongodb://test:testpass@ds056315-a0.mongolab.com:59325,ds059315-a1.mongolab.com:59315/testDBname?replicaSet=rs-ds059415', {})
+      .connect();
+    expect(MongoClient.connect).toHaveBeenCalledWith(
+      'mongodb://test:testpass@ds056315-a0.mongolab.com:59325,ds059315-a1.mongolab.com:59315/testDBname?replicaSet=rs-ds059415',
+      jasmine.any(Object)
+    );
+  });
+});
diff --git a/src/Adapters/Storage/Mongo/MongoStorageAdapter.js b/src/Adapters/Storage/Mongo/MongoStorageAdapter.js
@@ -1,6 +1,7 @@
 
 import MongoCollection from './MongoCollection';
 import MongoSchemaCollection from './MongoSchemaCollection';
+import {parse as parseUrl, format as formatUrl} from '../../../vendor/mongodbUrl';
 
 let mongodb = require('mongodb');
 let MongoClient = mongodb.MongoClient;
@@ -25,7 +26,11 @@ export class MongoStorageAdapter {
       return this.connectionPromise;
     }
 
-    this.connectionPromise = MongoClient.connect(this._uri, this._options).then(database => {
+    // parsing and re-formatting causes the auth value (if there) to get URI
+    // encoded
+    const encodedUri = formatUrl(parseUrl(this._uri));
+
+    this.connectionPromise = MongoClient.connect(encodedUri, this._options).then(database => {
       this.database = database;
     });
     return this.connectionPromise;

diff --git a/src/vendor/README.md b/src/vendor/README.md
@@ -0,0 +1,8 @@
+# mongoUrl
+
+A fork of node's `url` module, with the modification that commas and colons are 
+allowed in hostnames. While this results in a slightly incorrect parsed result, 
+as the hostname field for a mongodb should be an array of replica sets, it's 
+good enough to let us pull out and escape the auth portion of the URL.
+
+See also: https://github.com/ParsePlatform/parse-server/pull/986