CSHARP-3228 / CSHARP-3239: Avoid double-escaping connection string options when merging in options from a TXT record.

Author: JamesKovacs

src/MongoDB.Driver.Core/Core/Configuration/ConnectionString.cs

@@ -556,9 +556,7 @@ public string GetOption(string name)
             }
 
             var txtRecords = _dnsResolver.ResolveTxtRecords(host, cancellationToken);
-            var options = GetOptionsFromTxtRecords(txtRecords);
-
-            var resolvedOptions = GetResolvedOptions(options);
+            var resolvedOptions = GetResolvedOptionsFromTxtRecords(txtRecords);
 
             return BuildResolvedConnectionString(resolvedScheme, hosts, resolvedOptions);
         }
@@ -606,9 +604,7 @@ public string GetOption(string name)
             }
 
             var txtRecords = await _dnsResolver.ResolveTxtRecordsAsync(host, cancellationToken).ConfigureAwait(false);
-            var options = GetOptionsFromTxtRecords(txtRecords);
-
-            var resolvedOptions = GetResolvedOptions(options);
+            var resolvedOptions = GetResolvedOptionsFromTxtRecords(txtRecords);
 
             return BuildResolvedConnectionString(resolvedScheme, hosts, resolvedOptions);
         }
@@ -655,9 +651,9 @@ private ConnectionString BuildResolvedConnectionString(ConnectionStringScheme re
             mergedOptions.AddRange(
                 resolvedOptions
                 .AllKeys
-                .SelectMany(x => resolvedOptions
-                    .GetValues(x)
-                    .Select(y => $"{x}={Uri.EscapeDataString(y)}")));
+                .SelectMany(key => resolvedOptions
+                    .GetValues(key)
+                    .Select(value => $"{key}={Uri.EscapeDataString(value)}")));
 
             if (mergedOptions.Count > 0)
             {
@@ -732,8 +728,10 @@ private void ExtractOptions(Match match)
             foreach (Capture option in match.Groups["option"].Captures)
             {
                 var parts = option.Value.Split('=');
-                _allOptions.Add(parts[0], parts[1]);
-                ParseOption(parts[0].Trim(), Uri.UnescapeDataString(parts[1].Trim()));
+                var name = parts[0].Trim();
+                var value = Uri.UnescapeDataString(parts[1].Trim());
+                _allOptions.Add(name, value);
+                ParseOption(name, value);
             }
         }
 
@@ -1254,23 +1252,20 @@ private List<string> GetHostsFromSrvRecords(IEnumerable<SrvRecord> srvRecords)
             return hosts;
         }
 
-        private List<string> GetOptionsFromTxtRecords(List<TxtRecord> txtRecords)
+        private NameValueCollection GetResolvedOptionsFromTxtRecords(IReadOnlyCollection<TxtRecord> txtRecords)
         {
             if (txtRecords.Count > 1)
             {
                 throw new MongoConfigurationException("Only 1 TXT record is allowed when using the SRV protocol.");
             }
 
-            return txtRecords.Select(tr => tr.Strings.Aggregate("", (acc, s) => acc + Uri.UnescapeDataString(s))).ToList();
-        }
+            var txtRecord = txtRecords.FirstOrDefault();
 
-        private NameValueCollection GetResolvedOptions(List<string> options)
-        {
             // Build a dummy connection string in order to parse the options
             var dummyConnectionString = "mongodb://localhost/";
-            if (options.Count > 0)
+            if (txtRecord != null)
             {
-                dummyConnectionString += "?" + string.Join("&", options);
+                dummyConnectionString += "?" + string.Join("", txtRecord.Strings);
             }
             var dnsConnectionString = new ConnectionString(dummyConnectionString);
             ValidateResolvedOptions(dnsConnectionString.AllOptionNames);

tests/MongoDB.Driver.Core.Tests/Core/Configuration/ConnectionStringTests.cs

@@ -22,6 +22,7 @@
 using FluentAssertions;
 using MongoDB.Bson;
 using MongoDB.Bson.TestHelpers;
+using MongoDB.Bson.TestHelpers.XunitExtensions;
 using MongoDB.Driver.Core.Clusters;
 using MongoDB.Driver.Core.Compression;
 using Xunit;
@@ -66,6 +67,9 @@ public void constructor_should_throw_when_isResolved_is_invalid()
         [InlineData("mongodb://test5.test.build.10gen.cc", "mongodb://test5.test.build.10gen.cc", true)]
         [InlineData("mongodb+srv://test5.test.build.10gen.cc", "mongodb://localhost.test.build.10gen.cc:27017/?replicaSet=repl0&authSource=thisDB&tls=true", false)]
         [InlineData("mongodb+srv://test5.test.build.10gen.cc", "mongodb://localhost.test.build.10gen.cc:27017/?replicaSet=repl0&authSource=thisDB&tls=true", true)]
+        [InlineData("mongodb+srv://test5.test.build.10gen.cc/?authSource=$external", "mongodb://localhost.test.build.10gen.cc:27017/?replicaSet=repl0&authSource=%24external&tls=true", false)]
+        [InlineData("mongodb+srv://test5.test.build.10gen.cc/?authSource=%24external", "mongodb://localhost.test.build.10gen.cc:27017/?replicaSet=repl0&authSource=%24external&tls=true", false)]
+        [InlineData("mongodb+srv://test5.test.build.10gen.cc/?authSource=$external&authMechanism=MONGODB-AWS", "mongodb://localhost.test.build.10gen.cc:27017/?replicaSet=repl0&authSource=%24external&authMechanism=MONGODB-AWS&tls=true", false)]
         public void Resolve_should_return_expected_result(string connectionString, string expectedResult, bool async)
         {
             var subject = new ConnectionString(connectionString);
@@ -84,6 +88,26 @@ public void Resolve_should_return_expected_result(string connectionString, strin
             result.ToString().Should().Be(expectedResult);
         }
 
+        [Theory]
+        [ParameterAttributeData]
+        public void Resolve_against_mongodb_aws_session_token_should_return_the_expected_aws_session_token([Values(false, true)] bool escapeToken)
+        {
+            const string authMechanism = "MONGODB-AWS";
+            const string username = "AKIAIOSFODNN7EXAMPLE";
+            const string password = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY";
+            const string awsSessionToken = "AQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT+FvwqnKwRcOIfrRh3c/LTo6UDdyJwOOvEVPvLXCrrrUtdnniCEXAMPLE/IvU1dYUg2RVAJBanLiHb4IgRmpRV3zrkuWJOgQs8IZZaIv2BXIa2R4OlgkBN9bkUDNCJiBeb/AXlzBBko7b15fjrBs2+cTQtpZ3CYWFXG8C5zqx37wnOE49mRl/+OtkIKGO7fAE";
+
+            var preparedToken = escapeToken ? Uri.EscapeDataString(awsSessionToken) : awsSessionToken;
+            var uri = $"mongodb+srv://{username}:{Uri.EscapeDataString(password)}@test5.test.build.10gen.cc/test?authSource=$external&authMechanism={authMechanism}&authMechanismProperties=AWS_SESSION_TOKEN:{preparedToken}";
+            var connectionString = new ConnectionString(uri);
+
+            var result = connectionString.Resolve();
+
+            result.AuthMechanism.Should().Be(authMechanism);
+            result.Username.Should().Be(username);
+            result.AuthMechanismProperties["AWS_SESSION_TOKEN"].Should().Be(awsSessionToken);
+        }
+
         [Theory]
         [InlineData("mongodb://test5.test.build.10gen.cc", false, "mongodb://test5.test.build.10gen.cc", false)]
         [InlineData("mongodb://test5.test.build.10gen.cc", false, "mongodb://test5.test.build.10gen.cc", true)]

tests/MongoDB.Driver.Tests/MongoClientSettingsTests.cs

@@ -20,6 +20,7 @@
 using System.Threading;
 using FluentAssertions;
 using MongoDB.Bson;
+using MongoDB.Bson.TestHelpers.XunitExtensions;
 using MongoDB.Driver.Core.Clusters;
 using MongoDB.Driver.Core.Compression;
 using MongoDB.Driver.Core.Configuration;
@@ -560,6 +561,26 @@ public void TestFromUrlResolving(string connectionString, ConnectionStringScheme
             result.Scheme.Should().Be(expectedScheme);
         }
 
+        [Theory]
+        [ParameterAttributeData]
+        public void TestFromUrlWithMongoDBAWS_should_parse_credentials_correctly([Values(false, true)] bool escapeToken)
+        {
+            const string authMechanism = "MONGODB-AWS";
+            const string username = "AKIAIOSFODNN7EXAMPLE";
+            const string password = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY";
+            const string awsSessionToken = "AQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT+FvwqnKwRcOIfrRh3c/LTo6UDdyJwOOvEVPvLXCrrrUtdnniCEXAMPLE/IvU1dYUg2RVAJBanLiHb4IgRmpRV3zrkuWJOgQs8IZZaIv2BXIa2R4OlgkBN9bkUDNCJiBeb/AXlzBBko7b15fjrBs2+cTQtpZ3CYWFXG8C5zqx37wnOE49mRl/+OtkIKGO7fAE";
+
+            var preparedToken = escapeToken ? Uri.EscapeDataString(awsSessionToken) : awsSessionToken;
+            var uri = $"mongodb+srv://{username}:{Uri.EscapeDataString(password)}@awssessiontokentest.example.net/test?authSource=$external&authMechanism={authMechanism}&authMechanismProperties=AWS_SESSION_TOKEN:{preparedToken}";
+            var url = new MongoUrl(uri);
+
+            var result = MongoClientSettings.FromUrl(url).Credential;
+
+            result.Mechanism.Should().Be(authMechanism);
+            result.Username.Should().Be(username);
+            result.GetMechanismProperty("AWS_SESSION_TOKEN", string.Empty).Should().Be(awsSessionToken);
+        }
+
         [Fact]
         public void TestFrozenCopy()
         {