Node IDs are NaN if credentials in the connection URL contain an uppercase letter

[TWiStErRob]

Here's a temporary fix I applied in my own codebase to make addNodeId work:

var neo4j = require('node-neo4j');
/**
 * Monkey patch the removeCredentials to get node._id and rel._id working.
 * From http://www.w3.org/Addressing/URL/url-spec.txt:
 * user      -> alphanum2 [ user ]  
 * password  -> alphanum2 [ password ] 
 * alphanum2 -> alpha | digit | - | _ | . | +  
 * alpha     -> a|...|z|A|...|Z
 * digit     -> 0|...|9
 */
neo4j.prototype.removeCredentials = function(path) {
    if(typeof path !== 'undefined' && path !== ''){
        return path.replace(/[a-zA-Z0-9_.+-]+\:[a-zA-Z0-9_.+-]+\@/, '');
    } else {
        return '';
    }
};

The problem came up when I started using www.graphenedb.com, it automatically generates passwords like this: http://my-db:35Ghdk3j5hfivmb@mydb.sb01.stations.graphenedb.com:12345

Also note that most usernames can contain dash and underscore, and the "more secure" passwords can contain weird characters like: !, *, $, % etc. These weird characters are working when connecting using new neo4j(<url>), the trick is to escape them via %xx.

The above monkeypatch works as is, but I think it would be nice if a library didn't assume anything about the username and password of an application. Also my guess is that it is possible to use international hostnames as well.

So to be open I'd suggest something like:

var conn = url.parse(path);
delete conn.auth; // or conn.auth = undefined;
return url.format(conn);

... and probably do removeCredentials in the constructor and cache it.

[philippkueng]

Hi @TWiStErRob and thanks for your detailed issue.

Think your fix reasonable, and asked myself why we haven't done it that way before. However, removeCredentials is in there but no longer used by the functions (as of RC4). Which version of node-neo4j are you using, so i can better verify how and what to fix.

Best, Phil