Backslashes in a password need to be escaped

[stevenpost]

This will replace a single backslash with a double backslash in the /root/.mongoshrc.js file. when a password with a backslash is used, it is correctly passed on to the provider for setting the user's password, but things break when attempting to use said password for the admin user.

A small explanation on the amount of backslashes: The first argument is a regular expression, so we need to escape the backslash. The second argument allows for references to capture groups or the entire match using backslashes, for example \0 contains the entire match. This would make us end up with 4 backslashes, but apparantly the template rendering also has backslash escaping, this we need to double the amount of backslashes. So 8 in total.

[smortex]

You mean that if I want to use the password foo\bar I must set the password to foo\\bar in the configuration? If so, this should probably better be reported and fixed upsteam, no?

[h-haaks]

You mean that if I want to use the password foo\bar I must set the password to foo\\bar in the configuration? If so, this should probably better be reported and fixed upsteam, no?

mongoshrc.js is not provided at all by upstream. It is a pr user file that can be used to alter the interactive mongosh prompt.

But this modules manages the file to use it (and store the password) in the provider implementations ... Thats also why the file is managed by the server class ..

[h-haaks]

I think we should use a password with \ in the integration tests as well to verify that this is really working.

[stevenpost]

You mean that if I want to use the password foo\bar I must set the password to foo\\bar in the configuration?

Yes, that is correct. Most passwords at our site are autogenerated, and I happened to encounter one with a backslash.

I think we should use a password with \ in the integration tests as well to verify that this is really working.

Agreed, I'll add a test case.

[h-haaks]

Hmm, looking at this a second time it struck me that if we need to escape \ there probably is more special characters that need escaping ... Quick google I found https://www.javatpoint.com/javascript-special-characters Guess at least ', ", & should be escaped.

[stevenpost]

Since we are already in a single quoted string, I think only ' needs additional escaping. I'll add them all to the test, to be sure :)

[stevenpost]

Can we release this as a fix release? Something like 6.0.1?