- Type: Bug
- Resolution: Fixed
- Priority: Unknown
- Affects Version/s: 1.9.1, 1.13.0
- Component/s: Authentication
- None
- Not Needed
Detailed steps to reproduce the problem?
You can reproduce the problem by adding an invalid character (`\n`) in the password
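```go
package main

import (
	"fmt"

	"go.mongodb.org/mongo-driver/mongo"
	"go.mongodb.org/mongo-driver/mongo/options"
)

func main() {
	// The trailing newline is a character that SASLprep prohibits.
	cred := options.Credential{
		Username: "example@example.com",
		Password: "badpassword\n",
	}
	opts := options.Client().
		ApplyURI("mongodb://localhost:1234").
		SetAuth(cred)
	_, err := mongo.NewClient(opts)
	fmt.Println(err)
}
```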
The error you see is:
```
could not create client, err: failed to create internal authenticator: error SASLprepping password 'badpassword
': prohibited character (rune: '\u000a')
```
It looks like the culprit is this line
Definition of done: what must be done to consider the task complete?
The error containing the password is propagated all the way up to the calling consumer, who then doesn't want to have to scrub their logs of passwords and lose out on vital information about what is going wrong. I would leave in the error returned from `stringprep.SASLprep.Prepare(cred.Password)` but not add the password to the error string.
The exact Go version used, with patch level:
1.21.4
The exact version of the Go driver used:
v1.9.1 (problem still in latest)
- related to: GODRIVER-216 SCRAM-SHA-256 Support (Closed)
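The leak and the fix requested in the report, shown side by side as an added example (not the driver's own code). `prepare` is a simplified stand-in for SASLprep that only rejects ASCII control characters, and `newAuthLeaky`, `newAuthSafe` and `scrub` are hypothetical names; `scrub` is a caller-side guard for logging errors from a version that still echoes the secret.

```go
package main

import (
	"fmt"
	"strings"
)

// prepare is a simplified stand-in for SASLprep (assumption): it only
// rejects ASCII control characters, enough to reproduce the "\n" case.
func prepare(s string) error {
	for _, r := range s {
		if r < 0x20 || r == 0x7f {
			return fmt.Errorf("prohibited character (rune: '\\u%04x')", r)
		}
	}
	return nil
}

// newAuthLeaky mirrors the reported behaviour: the secret is formatted
// into the error text and travels up to whoever logs it.
func newAuthLeaky(password string) error {
	if err := prepare(password); err != nil {
		return fmt.Errorf("error SASLprepping password '%s': %w", password, err)
	}
	return nil
}

// newAuthSafe keeps the underlying cause but never formats the secret.
func newAuthSafe(password string) error {
	if err := prepare(password); err != nil {
		return fmt.Errorf("error SASLprepping password: %w", err)
	}
	return nil
}

// scrub replaces every occurrence of a known secret before a message is logged.
func scrub(msg, secret string) string {
	if secret == "" {
		return msg // ReplaceAll with an empty pattern would corrupt the message
	}
	return strings.ReplaceAll(msg, secret, "[REDACTED]")
}

func main() {
	const pw = "badpassword\n" // constructed sample value, same as in the report
	fmt.Printf("leaky: %q\n", newAuthLeaky(pw))
	fmt.Printf("safe:  %q\n", newAuthSafe(pw))
	fmt.Printf("scrub: %q\n", scrub(newAuthLeaky(pw).Error(), pw))
}
```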