[sqlalchemy] Connection issue with URL-encoded passwords in `do-connect` event

Fri, 03 Nov 2023 16:41:43 -0700 

Hello everyone,
I have encountered an odd behavior when using URL-encoded tokens as 
passwords for connections with Postgres; my application connects to a 
Postgres AWS RDS instance using a token that expires (IAM Authentication 
<https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html>).
 
Specifically, if I set `cparams['password']` to a URL-encoded value in the 
`do_connect` event, the connection fails. However, it succeeds if the value 
isn't URL encoded. This seems inconsistent with how the engine handles 
URL-encoded values. Is this the intended behavior ?
If not, would the team be open to a PR that calls `unquote` on the 
`cparams['password'] when it's changed to ensure consistency ? 
 
Here is a minimal example to illustrate the issue:

from sqlalchemy.orm import sessionmaker
from sqlalchemy import create_engine, event, text
from urllib.parse import quote

























*# Assume there is a db user `test` with some initial tokenPOSTGRES_HOST = 
'localhost'PORT = '5432'USERNAME = 'test'NEW_PASSWORD = '%2FH'engine1 = 
create_engine(f"postgresql://{USERNAME}:some_token_that_expires@{POSTGRES_HOST}:{PORT}/esrf",
 
echo=True)@event.listens_for(engine1, 'do_connect')def 
receive_do_connect(dialect, conn_rec, cargs, cparams):    # This doesn't 
work.    cparams['password'] = quote(NEW_PASSWORD)with engine1.connect() as 
connection:    connection.execute(text('SELECT 1;'))engine2 = 
create_engine(f"postgresql://{USERNAME}:some_token_that_expires@{POSTGRES_HOST}:{PORT}/esrf",
 
echo=True)@event.listens_for(engine2, 'do_connect')def 
receive_do_connect(dialect, conn_rec, cargs, cparams):    # This works    
cparams['password'] = NEW_PASSWORDwith engine2.connect() as connection:    
connection.execute(text('SELECT 1;'))*


-- 
SQLAlchemy - 
The Python SQL Toolkit and Object Relational Mapper

http://www.sqlalchemy.org/

To post example code, please provide an MCVE: Minimal, Complete, and Verifiable 
Example.  See  http://stackoverflow.com/help/mcve for a full description.
--- 
You received this message because you are subscribed to the Google Groups 
"sqlalchemy" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/sqlalchemy/6a124e8b-fabc-47b6-8e68-db939acc98f7n%40googlegroups.com.

Reply via email to