Skip to content

Commit

Permalink
fix(connection): throw error if username:password includes @ or :
Browse files Browse the repository at this point in the history
Re: #5091
  • Loading branch information
vkarpov15 committed Mar 25, 2017
1 parent 70c6fd9 commit 2dd76ab
Showing 1 changed file with 22 additions and 3 deletions.
25 changes: 22 additions & 3 deletions lib/connection.js
Original file line number Diff line number Diff line change
Expand Up @@ -177,6 +177,7 @@ Connection.prototype.config;
Connection.prototype.open = function(host, database, port, options, callback) {
var parsed;
var Promise = PromiseProvider.get();
var err;

if (typeof database === 'string') {
switch (arguments.length) {
Expand Down Expand Up @@ -236,7 +237,7 @@ Connection.prototype.open = function(host, database, port, options, callback) {

// make sure we can open
if (STATES.disconnected !== this.readyState) {
var err = new Error('Trying to open unclosed connection.');
err = new Error('Trying to open unclosed connection.');
err.state = this.readyState;
this.error(err, callback);
return new Promise.ES6(function(resolve, reject) {
Expand All @@ -245,14 +246,16 @@ Connection.prototype.open = function(host, database, port, options, callback) {
}

if (!host) {
this.error(new Error('Missing hostname.'), callback);
err = new Error('Missing hostname.');
this.error(err, callback);
return new Promise.ES6(function(resolve, reject) {
reject(err);
});
}

if (!database) {
this.error(new Error('Missing database name.'), callback);
err = new Error('Missing database name.');
this.error(err, callback);
return new Promise.ES6(function(resolve, reject) {
reject(err);
});
Expand All @@ -269,7 +272,23 @@ Connection.prototype.open = function(host, database, port, options, callback) {
// Check hostname for user/pass
} else if (/@/.test(host) && /:/.test(host.split('@')[0])) {
host = host.split('@');
if (host.length > 2) {
err = new Error('Username and password must be URI encoded if they ' +
'contain "@", see http://bit.ly/2nRYRyq');
this.error(err, callback);
return new Promise.ES6(function(resolve, reject) {
reject(err);
});
}
var auth = host.shift().split(':');
if (auth.length > 2) {
err = new Error('Username and password must be URI encoded if they ' +
'contain ":", see http://bit.ly/2nRYRyq');
this.error(err, callback);
return new Promise.ES6(function(resolve, reject) {
reject(err);
});
}
host = host.pop();
this.user = auth[0];
this.pass = auth[1];
Expand Down

0 comments on commit 2dd76ab

Please sign in to comment.