From 77e4c24d0f73815523aa6dd7dd54d456c754d351 Mon Sep 17 00:00:00 2001 From: Marcin Tojek Date: Mon, 10 Feb 2025 15:20:24 +0100 Subject: [PATCH 1/2] fix: parse special characters in postgres password --- cli/server.go | 10 +++++++++- cli/server_internal_test.go | 12 +++++++++++- 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/cli/server.go b/cli/server.go index 548f350bae9bc..887839d8b7108 100644 --- a/cli/server.go +++ b/cli/server.go @@ -2565,6 +2565,10 @@ func parseExternalAuthProvidersFromEnv(prefix string, environ []string) ([]coder return providers, nil } +var ( + reInvalidPortAfterHost = regexp.MustCompile(`invalid port ".+" after host`) +) + // If the user provides a postgres URL with a password that contains special // characters, the URL will be invalid. We need to escape the password so that // the URL parse doesn't fail at the DB connector level. @@ -2573,7 +2577,11 @@ func escapePostgresURLUserInfo(v string) (string, error) { // I wish I could use errors.Is here, but this error is not declared as a // variable in net/url. :( if err != nil { - if strings.Contains(err.Error(), "net/url: invalid userinfo") { + // Warning: The parser may also fail with an "invalid port" error if the password contains special + // characters. It does not detect invalid user information but instead incorrectly reports an invalid port. + // + // See: https://github.com/coder/coder/issues/16319 + if strings.Contains(err.Error(), "net/url: invalid userinfo") || reInvalidPortAfterHost.MatchString(err.Error()) { // If the URL is invalid, we assume it is because the password contains // special characters that need to be escaped. diff --git a/cli/server_internal_test.go b/cli/server_internal_test.go index 4bdf54f4f0583..b5417ceb04b8e 100644 --- a/cli/server_internal_test.go +++ b/cli/server_internal_test.go @@ -351,13 +351,23 @@ func TestEscapePostgresURLUserInfo(t *testing.T) { output: "", err: xerrors.New("parse postgres url: parse \"postgres://local host:5432/coder\": invalid character \" \" in host name"), }, + { + input: "postgres://coder:co?der@localhost:5432/coder", + output: "postgres://coder:co%3Fder@localhost:5432/coder", + err: nil, + }, + { + input: "postgres://coder:co#der@localhost:5432/coder", + output: "postgres://coder:co%23der@localhost:5432/coder", + err: nil, + }, } for _, tc := range testcases { tc := tc t.Run(tc.input, func(t *testing.T) { t.Parallel() o, err := escapePostgresURLUserInfo(tc.input) - require.Equal(t, tc.output, o) + assert.Equal(t, tc.output, o) if tc.err != nil { require.Error(t, err) require.EqualValues(t, tc.err.Error(), err.Error()) From 094190513d7d7d23bb93d598b7987733219b9212 Mon Sep 17 00:00:00 2001 From: Marcin Tojek Date: Mon, 10 Feb 2025 15:29:59 +0100 Subject: [PATCH 2/2] fmt --- cli/server.go | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/cli/server.go b/cli/server.go index 887839d8b7108..59b46a5726d75 100644 --- a/cli/server.go +++ b/cli/server.go @@ -2565,9 +2565,7 @@ func parseExternalAuthProvidersFromEnv(prefix string, environ []string) ([]coder return providers, nil } -var ( - reInvalidPortAfterHost = regexp.MustCompile(`invalid port ".+" after host`) -) +var reInvalidPortAfterHost = regexp.MustCompile(`invalid port ".+" after host`) // If the user provides a postgres URL with a password that contains special // characters, the URL will be invalid. We need to escape the password so that pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy