Skip to content

accommodate for @ in database portion even if user:pass is present #6482

New issue
New issue
Closed
Closed
accommodate for @ in database portion even if user:pass is present#6482
Labels
@ (or other chars) in passwordplease escape non-alphanumeric characters in passwordsengineengines, connections, transactions, isolation levels, execution optionsfairly easymaybe a little more involved than "easy' but still doable for motivated newcomersuse casenot really a feature or a bug; can be support for new DB features or user use cases not anticipated
Milestone
 
1.4.x
@Tosi123

Description

@Tosi123
Tosi123
opened on May 14, 2021

Versions

  • OS: CentOS 7
  • Python: 3.6.8
  • SQLAlchemy: 1.4.15
  • Database: Mysql
  • DBAPI: pymysql

When creating_engine, if the password contains special characters, I understand that it is URL Encoding

DB Test
IP : 1.1.1.1
PORT: 3306
ID: test
PW: test
DB Name: test@test

question

  1. What should I do if there are special characters in DB Name?
    DB Name does not appear to be doing separate decoding
742 tokens = components["database"].split("?", 2)
743 components["database"] = tokens[0]

Parsing error on regular expression below when @ is entered in DB Name

re.compile('\n (?P[\w\+]+)://\n (?:\n (?P[^:/])\n (?::(?P.))?\n @)?\n (?:\n (?:\n , re.VERBOSE)
{'name': 'mysql+pymysql', 'username': 'test', 'password': 'test@1.1.1.1:3306/test', 'ipv6host': None, 'ipv4host': 'test', 'port': None, 'database': None}

Activity

Tosi123
added
requires triageNew issue that requires categorization
on May 14, 2021
zzzeek
added
engineengines, connections, transactions, isolation levels, execution options
use casenot really a feature or a bug; can be support for new DB features or user use cases not anticipated
and removed
requires triageNew issue that requires categorization
on May 14, 2021
zzzeek
added this to the 1.4.x milestone on May 14, 2021
zzzeek

zzzeek commented on May 14, 2021

@zzzeek
zzzeek
on May 14, 2021
Member

no solution right now other than programmatic construction of the URL object:

from sqlalchemy.engine import URL
url = URL.create("mysql", username="user", password="pw", host="host", database="my@database")
engine = create_engine(url)
zzzeek
changed the title [-]What should I do if there is a special character in the DB name?[/-] [+]add _rfc_1738_unquote to database portion of URL[/+] on May 14, 2021
zzzeek
added
fairly easymaybe a little more involved than "easy' but still doable for motivated newcomers
on May 14, 2021
zzzeek
changed the title [-]add _rfc_1738_unquote to database portion of URL[/-] [+]accommodate for @ in database portion even if user:pass is present[/+] on May 24, 2021
zzzeek

zzzeek commented on May 24, 2021

@zzzeek
zzzeek
on May 24, 2021
Member

we already support @ in the database portion, but it was only tested with a file-only URL.

sqla-tester

sqla-tester commented on May 24, 2021

@sqla-tester
sqla-tester
on May 24, 2021
Collaborator

Mike Bayer has proposed a fix for this issue in the master branch:

URL parsing fixes https://gerrit.sqlalchemy.org/c/sqlalchemy/sqlalchemy/+/2838

sqlalchemy-bot
closed this as completedin 2ab6755on May 24, 2021
BuSHari

BuSHari commented on May 31, 2021

@BuSHari
BuSHari
on May 31, 2021 · edited by BuSHari

Mike Bayer has proposed a fix for this issue in the master branch:

URL parsing fixes https://gerrit.sqlalchemy.org/c/sqlalchemy/sqlalchemy/+/2838

That fix broke our engine connection when we use '@' in our password string, we wanted to avoid using urlib parse quote.
Anyway to revert that fix?

CaselIT

CaselIT commented on May 31, 2021

@CaselIT
CaselIT
on May 31, 2021
Member

I think the new behaviour is the correct one, since previously it would result in the wrong parsing of the url.
As documented, special characters in the password field should be quoted, so I would suggest quoting the password.

dwt

dwt commented on May 31, 2021

@dwt
dwt
on May 31, 2021
Contributor

Out of interest, how do I do that in a connection url like this? We configure our app via a config.ini file with

sqlalchemy.url = mysql+pymysql://username:pass@pass@staging.example.org/staging?charset=utf8mb4&ssl_ca=/etc/pki/sntl-ca.crt

Right now the host is parsed as pass@staging.example.org - which of course doesn't work.

22 remaining items

Loading
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    @ (or other chars) in passwordplease escape non-alphanumeric characters in passwordsengineengines, connections, transactions, isolation levels, execution optionsfairly easymaybe a little more involved than "easy' but still doable for motivated newcomersuse casenot really a feature or a bug; can be support for new DB features or user use cases not anticipated

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

      Development

      No branches or pull requests

        Participants

        @dwt@zzzeek@jvanasco@BuSHari@matan129

        Issue actions
          accommodate for @ in database portion even if user:pass is present · Issue #6482 · sqlalchemy/sqlalchemy