CSHARP-2291: Allow unencoded subdelimiters in usernames and passwords

Author: ksadoff

src/MongoDB.Driver.Core/Core/Configuration/ConnectionString.cs

@@ -756,7 +756,7 @@ private void Parse()
             const string optionsPattern = @"(\?" + optionPattern + @"((&|;)" + optionPattern + ")*)?";
             const string pattern =
                 @"^(?<scheme>mongodb|mongodb\+srv)://" +
-                @"((?<username>[^:@]+)(:(?<password>[^:@]*))?@)?" +
+                @"((?<username>[^:@/]+)(:(?<password>[^:@/]*))?@)?" +
                 serversPattern + @"(/" + databasePattern + ")?/?" + optionsPattern + "$";
 
             if (_originalConnectionString.Contains("%"))

tests/MongoDB.Driver.Core.Tests/Specifications/connection-string/tests/README.rst

@@ -97,3 +97,7 @@ handler and watching for output).
 
 Not all drivers may be able to directly assert the hosts, auth credentials, and
 options. Doing so may require exposing the driver's URI parsing component.
+
+The file valid-db-with-dotted-name.yml is a special case for testing drivers
+that allow dotted namespaces, instead of only database names, in the Auth
+Database portion of the URI.

tests/MongoDB.Driver.Core.Tests/Specifications/connection-string/tests/invalid-uris.json

@@ -206,7 +206,34 @@
             "uri": "mongodb://alice@foo:[email protected]", 
             "valid": false, 
             "warning": null
-        }, 
+        },
+	    {
+            "auth": null,
+            "description": "Username containing an unescaped slash",
+            "hosts": null,
+            "options": null,
+            "uri": "mongodb://alice/@localhost/db",
+            "valid": false,
+            "warning": null
+        },
+        {
+            "auth": null,
+            "description": "Username containing unescaped slash with password",
+            "hosts": null,
+            "options": null,
+            "uri": "mongodb://alice/bob:foo@localhost/db",
+            "valid": false,
+            "warning": null
+        },
+        {
+            "auth": null,
+            "description": "Username with password containing an unescaped slash",
+            "hosts": null,
+            "options": null,
+            "uri": "mongodb://alice:foo/bar@localhost/db",
+            "valid": false,
+            "warning": null
+        },
         {
             "auth": null, 
             "description": "Host with unescaped slash", 
@@ -215,6 +242,24 @@
             "uri": "mongodb:///tmp/mongodb-27017.sock/", 
             "valid": false, 
             "warning": null
+        },
+	    {
+            "auth": null,
+            "description": "mongodb+srv with multiple service names",
+            "hosts": null,
+            "options": null,
+            "uri": "mongodb+srv://test5.test.mongodb.com,test6.test.mongodb.com",
+            "valid": false,
+            "warning": null
+        },
+        {
+            "auth": null,
+            "description": "mongodb+srv with port number",
+            "hosts": null,
+            "options": null,
+            "uri": "mongodb+srv://test7.test.mongodb.com:27018",
+            "valid": false,
+            "warning": null
         },
         {
             "auth": null,
@@ -224,7 +269,6 @@
             "uri": "mongodb://alice%foo:[email protected]",
             "valid": false,
             "warning": null
-        }	    
-
+        }
     ]
 }

tests/MongoDB.Driver.Core.Tests/Specifications/connection-string/tests/invalid-uris.yml

@@ -183,6 +183,30 @@ tests:
         hosts: ~
         auth: ~
         options: ~
+    -
+        description: "Username containing an unescaped slash"
+        uri: "mongodb://alice/@localhost/db"
+        valid: false
+        warning: ~
+        hosts: ~
+        auth: ~
+        options: ~
+    -
+        description: "Username containing unescaped slash with password"
+        uri: "mongodb://alice/bob:foo@localhost/db"
+        valid: false
+        warning: ~
+        hosts: ~
+        auth: ~
+        options: ~
+    -
+        description: "Username with password containing an unescaped slash"
+        uri: "mongodb://alice:foo/bar@localhost/db"
+        valid: false
+        warning: ~
+        hosts: ~
+        auth: ~
+        options: ~
     -
         description: "Host with unescaped slash"
         uri: "mongodb:///tmp/mongodb-27017.sock/"
@@ -191,12 +215,27 @@ tests:
         hosts: ~
         auth: ~
         options: ~
+    -
+        description: "mongodb+srv with multiple service names"
+        uri: "mongodb+srv://test5.test.mongodb.com,test6.test.mongodb.com"
+        valid: false
+        warning: ~
+        hosts: ~
+        auth: ~
+        options: ~
+    -
+        description: "mongodb+srv with port number"
+        uri: "mongodb+srv://test7.test.mongodb.com:27018"
+        valid: false
+        warning: ~
+        hosts: ~
+        auth: ~
+        options: ~
     -
         description: "Username with password containing an unescaped percent sign"
         uri: "mongodb://alice%foo:[email protected]"
         valid: false
         warning: ~
         hosts: ~
         auth: ~
-        options: ~        
-    
+        options: ~

tests/MongoDB.Driver.Core.Tests/Specifications/connection-string/tests/valid-auth.json

@@ -37,26 +37,7 @@
             "uri": "mongodb://alice:[email protected]/test", 
             "valid": true, 
             "warning": false
-        }, 
-        {
-            "auth": {
-                "db": "t\u0000est", 
-                "password": "f\u0000oo", 
-                "username": "a\u0000lice"
-            }, 
-            "description": "User info for single IPv4 host with database (escaped null bytes)", 
-            "hosts": [
-                {
-                    "host": "127.0.0.1", 
-                    "port": null, 
-                    "type": "ipv4"
-                }
-            ], 
-            "options": null, 
-            "uri": "mongodb://a%00lice:f%[email protected]/t%00est", 
-            "valid": true, 
-            "warning": false
-        }, 
+        },
         {
             "auth": {
                 "db": null, 
@@ -223,7 +204,7 @@
             "auth": {
                 "db": "my=db", 
                 "password": null, 
-                "username": "@l:ce"
+                "username": "@l:ce/="
             }, 
             "description": "Escaped username and database without password", 
             "hosts": [
@@ -234,14 +215,14 @@
                 }
             ], 
             "options": null, 
-            "uri": "mongodb://%40l%[email protected]/my%3Ddb", 
+            "uri": "mongodb://%40l%3Ace%2F%3D@example.com/my%3Ddb", 
             "valid": true, 
             "warning": false
         }, 
         {
             "auth": {
                 "db": "admin?", 
-                "password": "f:zzb@zz", 
+                "password": "f:zzb@z/z=", 
                 "username": "$am"
             }, 
             "description": "Escaped user info and database (MONGODB-CR)", 
@@ -255,10 +236,31 @@
             "options": {
                 "authmechanism": "MONGODB-CR"
             }, 
-            "uri": "mongodb://%24am:f%3Azzb%40zz@127.0.0.1/admin%3F?authMechanism=MONGODB-CR", 
+            "uri": "mongodb://%24am:f%3Azzb%40z%2Fz%3D@127.0.0.1/admin%3F?authMechanism=MONGODB-CR", 
             "valid": true, 
             "warning": false
-        }, 
+        },
+{
+      "description": "Subdelimiters in user/pass don't need escaping (MONGODB-CR)",
+      "uri": "mongodb://!$&'()*+,;=:!$&'()*+,;[email protected]/admin?authMechanism=MONGODB-CR",
+      "valid": true,
+      "warning": false,
+      "hosts": [
+        {
+          "type": "ipv4",
+          "host": "127.0.0.1",
+          "port": null
+        }
+      ],
+      "auth": {
+        "username": "!$&'()*+,;=",
+        "password": "!$&'()*+,;=",
+        "db": "admin"
+      },
+      "options": {
+        "authmechanism": "MONGODB-CR"
+      }
+    },	
         {
             "auth": {
                 "db": null, 

tests/MongoDB.Driver.Core.Tests/Specifications/connection-string/tests/valid-auth.yml

@@ -29,21 +29,6 @@ tests:
             password: "foo"
             db: "test"
         options: ~
-    -
-        description: "User info for single IPv4 host with database (escaped null bytes)"
-        uri: "mongodb://a%00lice:f%[email protected]/t%00est"
-        valid: true
-        warning: false
-        hosts:
-            -
-                type: "ipv4"
-                host: "127.0.0.1"
-                port: ~
-        auth:
-            username: "a\0lice"
-            password: "f\0oo"
-            db: "t\0est"
-        options: ~
     -
         description: "User info for single IP literal host without database"
         uri: "mongodb://bob:bar@[::1]:27018"
@@ -174,7 +159,7 @@ tests:
         options: ~
     -
         description: "Escaped username and database without password"
-        uri: "mongodb://%40l%[email protected]/my%3Ddb"
+        uri: "mongodb://%40l%3Ace%2F%3D@example.com/my%3Ddb"
         valid: true
         warning: false
         hosts:
@@ -183,13 +168,13 @@ tests:
                 host: "example.com"
                 port: ~
         auth:
-            username: "@l:ce"
+            username: "@l:ce/="
             password: ~
             db: "my=db"
         options: ~
     -
         description: "Escaped user info and database (MONGODB-CR)"
-        uri: "mongodb://%24am:f%3Azzb%40zz@127.0.0.1/admin%3F?authMechanism=MONGODB-CR"
+        uri: "mongodb://%24am:f%3Azzb%40z%2Fz%3D@127.0.0.1/admin%3F?authMechanism=MONGODB-CR"
         valid: true
         warning: false
         hosts:
@@ -199,10 +184,26 @@ tests:
                 port: ~
         auth:
             username: "$am"
-            password: "f:zzb@zz"
+            password: "f:zzb@z/z="
             db: "admin?"
         options:
             authmechanism: "MONGODB-CR"
+    -
+        description: "Subdelimiters in user/pass don't need escaping (MONGODB-CR)"
+        uri: "mongodb://!$&'()*+,;=:!$&'()*+,;[email protected]/admin?authMechanism=MONGODB-CR"
+        valid: true
+        warning: false
+        hosts:
+            -
+                type: "ipv4"
+                host: "127.0.0.1"
+                port: ~
+        auth:
+            username: "!$&'()*+,;="
+            password: "!$&'()*+,;="
+            db: "admin"
+        options:
+            authmechanism: "MONGODB-CR"
     -
         description: "Escaped username (MONGODB-X509)"
         uri: "mongodb://CN%3DmyName%2COU%3DmyOrgUnit%2CO%3DmyOrg%2CL%3DmyLocality%2CST%3DmyState%2CC%3DmyCountry@localhost/?authMechanism=MONGODB-X509"