search

nats-io / nats-pure.rb

Ruby client for NATS, the cloud native messaging system.
https://nats.io
Apache License 2.0
131 stars 30 forks source link

NATS connection with username / password with URI Escape characters fails #139

Open sushilrai opened 11 months ago

sushilrai commented 11 months ago

Observed behavior

If username is "nats" and password contains some URI escape characters for example "/iq/Vm/QXzfR8Q==" then connection fails. Connection required provided using "URL" fails as CGI "unescape" is not user and when password is passed as options then it fails during the check_password implemented in jruby-9.3.9.0/lib/ruby/stdlib/uri/generic.rb

Only option to make the connection is to change the password to have non-esacape characters or patch the nats code to unescape CGI characters passed in the username / password

Expected behavior

Support for CGI unescape to allow username / password with special characters

Server and client version

nats-pure (2.4.0)

Host environment

SLES

Steps to reproduce

nats_user = CGI.escape(options.NATS_USERNAME) nats_password = CGI.escape(options.NATS_USER_PASSWORD) nats_host = options.NATS_SERVER || ENV["NATS_SERVER"] || "nats_server" nats_port = options.port || ENV["NATS_PORT"] || "4222"

    url = "tls://%s:%s@%s:%s" % [nats_user, nats_password, nats_host, nats_port]
    #url = "tls://%s:%s" % [nats_host, nats_port]
    tls_context = OpenSSL::SSL::SSLContext.new
    tls_context.ssl_version = :TLSv1_2
    tls_context.set_params
    tls_context.cert = OpenSSL::X509::Certificate.new File.open(tls_cert_location)
    tls_context.key = OpenSSL::PKey::RSA.new File.open(tls_cert_key)
    tls_context.ca_file = ca_cert_location

      @client = NATS.connect(
        servers: [url],
        reconnect: false,
        tls: {
          context: tls_context
        }
      )