Closed
Description
Summary:
MongoDB connection URI failing when authentication details contain special chars as per the following stack trace:
2023-03-29T08:51:25.190Z - error: uncaughtException: Password contains unescaped characters
MongoParseError: Password contains unescaped characters
at new ConnectionString (/opt/app/node_modules/mongodb-connection-string-url/lib/index.js:115:23)
at parseOptions (/opt/app/node_modules/mongodb/lib/connection_string.js:209:17)
at new MongoClient (/opt/app/node_modules/mongodb/lib/mongo_client.js:64:63)
at /opt/app/node_modules/mongoose/lib/connection.js:801:16
at new Promise (<anonymous>)
at NativeConnection.Connection.openUri (/opt/app/node_modules/mongoose/lib/connection.js:798:19)
at /opt/app/node_modules/mongoose/lib/index.js:380:10
at /opt/app/node_modules/mongoose/lib/helpers/promiseOrCallback.js:32:5
at new Promise (<anonymous>)
at promiseOrCallback (/opt/app/node_modules/mongoose/lib/helpers/promiseOrCallback.js:31:10)
2023-03-29T08:51:25.190Z - error: uncaughtException: Password contains unescaped characters
MongoParseError: Password contains unescaped characters
at new ConnectionString (/opt/app/node_modules/mongodb-connection-string-url/lib/index.js:115:23)
at parseOptions (/opt/app/node_modules/mongodb/lib/connection_string.js:209:17)
at new MongoClient (/opt/app/node_modules/mongodb/lib/mongo_client.js:64:63)
at /opt/app/node_modules/mongoose/lib/connection.js:801:16
at new Promise (<anonymous>)
at NativeConnection.Connection.openUri (/opt/app/node_modules/mongoose/lib/connection.js:798:19)
at /opt/app/node_modules/mongoose/lib/index.js:380:10
at /opt/app/node_modules/mongoose/lib/helpers/promiseOrCallback.js:32:5
at new Promise (<anonymous>)
at promiseOrCallback (/opt/app/node_modules/mongoose/lib/helpers/promiseOrCallback.js:31:10)
2023-03-29T08:51:25.181Z - info: "Connecting to MongoDB uri mongodb://mojaloop:$DvJvLQy&#q0U8r#LAji@bulk-mongodb-svc.stateful-services.svc.cluster.local:27017/mlos"
2023-03-29T08:51:25.186Z - info: "MongoDB connection error Password contains unescaped characters"
2023-03-29T08:51:25.189Z - error: "uncaughtException: Password contains unescaped characters\nMongoParseError: Password contains unescaped characters\n at new ConnectionString (/opt/app/node_modules/mongodb-connection-string-url/lib/index.js:115:23)\n at parseOptions (/opt/app/node_modules/mongodb/lib/connection_string.js:209:17)\n at new MongoClient (/opt/app/node_modules/mongodb/lib/mongo_client.js:64:63)\n at /opt/app/node_modules/mongoose/lib/connection.js:801:16\n at new Promise (<anonymous>)\n at NativeConnection.Connection.openUri (/opt/app/node_modules/mongoose/lib/connection.js:798:19)\n at /opt/app/node_modules/mongoose/lib/index.js:380:10\n at /opt/app/node_modules/mongoose/lib/helpers/promiseOrCallback.js:32:5\n at new Promise (<anonymous>)\n at promiseOrCallback (/opt/app/node_modules/mongoose/lib/helpers/promiseOrCallback.js:31:10)"
2023-03-29T08:51:25.189Z - error: "uncaughtException: Password contains unescaped characters\nMongoParseError: Password contains unescaped characters\n at new ConnectionString (/opt/app/node_modules/mongodb-connection-string-url/lib/index.js:115:23)\n at parseOptions (/opt/app/node_modules/mongodb/lib/connection_string.js:209:17)\n at new MongoClient (/opt/app/node_modules/mongodb/lib/mongo_client.js:64:63)\n at /opt/app/node_modules/mongoose/lib/connection.js:801:16\n at new Promise (<anonymous>)\n at NativeConnection.Connection.openUri (/opt/app/node_modules/mongoose/lib/connection.js:798:19)\n at /opt/app/node_modules/mongoose/lib/index.js:380:10\n at /opt/app/node_modules/mongoose/lib/helpers/promiseOrCallback.js:32:5\n at new Promise (<anonymous>)\n at promiseOrCallback (/opt/app/node_modules/mongoose/lib/helpers/promiseOrCallback.js:31:10)"
Severity:
High
Priority:
Critical
Expected Behavior
Service authenticates successfully when special characters are used in both Username and Password for MongoDB
Ref: MongoDB NodeJS Authentication Mechanisms
Steps to Reproduce
- Deploy Mojaloop v15 example backends with username/password that contain special characters for MongoDB
- Deploy Mojaloop v15 to utilise secrets provided by backend deployment for MongoDB
- Monitor log for failing service
Specifications
- Component (if known): Central-Ledger
- Version: v17.0.1
- Platform: IaC
- Subsystem: n/a
- Type of testing: n/a
- Bug found/raised by: @dfry
Notes:
- Severity when opened: High
- Priority when opened: Critical
Activity