Backslashes in a password need to be escaped #760
Conversation
This will replace a single backslash with a double backslash in the `/root/.mongoshrc.js` file. when a password with a backslash is used, it is correctly passed on to the provider for setting the user's password, but things break when attempting to use said password for the admin user. A small explanation on the amount of backslashes: The first argument is a regular expression, so we need to escape the backslash. The second argument allows for references to capture groups or the entire match using backslashes, for example `\0` contains the entire match. This would make us end up with 4 backslashes, but apparantly the template rendering also has backslash escaping, this we need to double the amount of backslashes. So 8 in total.
|
You mean that if I want to use the password |
mongoshrc.js is not provided at all by upstream. But this modules manages the file to use it (and store the password) in the provider implementations ... |
|
I think we should use a password with |
Yes, that is correct. Most passwords at our site are autogenerated, and I happened to encounter one with a backslash.
Agreed, I'll add a test case. |
This test also lets the server class create the admin user, this abbreviates the test code a bit and increases the coverage of the acceptance test. Note that the explicit ordering of client and server was dropped.
stevenpost
force-pushed
the
admin_password/fix
branch
from
228f319
to
45026a0
Compare
|
Hmm, looking at this a second time it struck me that if we need to escape |
|
Since we are already in a single quoted string, I think only |
stevenpost
force-pushed
the
admin_password/fix
branch
from
53b5974
to
53105f4
Compare
This mainly pertains to single quotes, but the test includes others as well.
stevenpost
force-pushed
the
admin_password/fix
branch
from
53105f4
to
2ab8ca2
Compare
|
Can we release this as a fix release? Something like 6.0.1? |
This will replace a single backslash with a double backslash in the
/root/.mongoshrc.jsfile. when a password with a backslash is used, it is correctly passed on to the provider for setting the user's password, but things break when attempting to use said password for the admin user.A small explanation on the amount of backslashes: The first argument is a regular expression, so we need to escape the backslash. The second argument allows for references to capture groups or the entire match using backslashes, for example
\0contains the entire match. This would make us end up with 4 backslashes, but apparantly the template rendering also has backslash escaping, this we need to double the amount of backslashes. So 8 in total.