GODRIVER-1625 Allow and validate single character credentials (#424)

Divjot Arora · lijun4727 · Divjot Arora · commit dd746f4045f9 · 2020-06-16T13:14:29.000-04:00
Co-authored-by: Jun Li &lt;472780330@qq.com&gt;
diff --git a/mongo/options/clientoptions_test.go b/mongo/options/clientoptions_test.go
@@ -253,6 +253,14 @@ func TestClientOptions(t *testing.T) {
 				"mongodb://foo@localhost/",
 				baseClient().SetAuth(Credential{AuthSource: "admin", Username: "foo"}),
 			},
+			{
+				"Unescaped slash in username",
+				"mongodb:///:pwd@localhost",
+				&ClientOptions{err: internal.WrapErrorf(
+					errors.New("unescaped slash in username"),
+					"error parsing uri",
+				)},
+			},
 			{
 				"Password",
 				"mongodb://foo:bar@localhost/",
@@ -261,6 +269,14 @@ func TestClientOptions(t *testing.T) {
 					Password: "bar", PasswordSet: true,
 				}),
 			},
+			{
+				"Single character username and password",
+				"mongodb://f:b@localhost/",
+				baseClient().SetAuth(Credential{
+					AuthSource: "admin", Username: "f",
+					Password: "b", PasswordSet: true,
+				}),
+			},
 			{
 				"Connect",
 				"mongodb://localhost/?connect=direct",
diff --git a/x/mongo/driver/connstring/connstring.go b/x/mongo/driver/connstring/connstring.go
@@ -162,27 +162,25 @@ func (p *parser) parse(original string) error {
 			p.PasswordSet = true
 		}
 
-		if len(username) > 1 {
-			if strings.Contains(username, "/") {
-				return fmt.Errorf("unescaped slash in username")
-			}
+		// Validate and process the username.
+		if strings.Contains(username, "/") {
+			return fmt.Errorf("unescaped slash in username")
 		}
-
 		p.Username, err = url.QueryUnescape(username)
 		if err != nil {
 			return internal.WrapErrorf(err, "invalid username")
 		}
-		if len(password) > 1 {
-			if strings.Contains(password, ":") {
-				return fmt.Errorf("unescaped colon in password")
-			}
-			if strings.Contains(password, "/") {
-				return fmt.Errorf("unescaped slash in password")
-			}
-			p.Password, err = url.QueryUnescape(password)
-			if err != nil {
-				return internal.WrapErrorf(err, "invalid password")
-			}
+
+		// Validate and process the password.
+		if strings.Contains(password, ":") {
+			return fmt.Errorf("unescaped colon in password")
+		}
+		if strings.Contains(password, "/") {
+			return fmt.Errorf("unescaped slash in password")
+		}
+		p.Password, err = url.QueryUnescape(password)
+		if err != nil {
+			return internal.WrapErrorf(err, "invalid password")
 		}
 	}
 
