DB password special character bug #10483

Closed
GiannisDimitriou opened this issue Jul 30, 2020 · 14 comments
Labels
!deprecated-label:bug Deprecated label - Use #bug instead

Comments

@GiannisDimitriou

When a special character '@' exists in the sqlalchemy URI, it is not stored correctly in the superset metastore.

example URI:
postgresql://:123@456@:5432/

Expected results

escape the special character correctly after saving the Database entry

Actual results

what actually happens.

Screenshots

If applicable, add screenshots to help explain your problem.

How to reproduce the bug

  1. Go to Sources -> Datasources -> Create New
  2. Construct the URI and make sure the password has '@' character.
  3. Test Connection (Success)
  4. Save Datasource
  5. Open the newly created datasource
  6. Test Connection (Failed)

In this stage, if you replace the password part ('XXXXXXXXXX') in the URI with the actual password, it's working correctly.

Environment

  • superset version: 0.37.0rc1
@GiannisDimitriou GiannisDimitriou added the !deprecated-label:bug Deprecated label - Use #bug instead label Jul 30, 2020
@willbarrett
Member

Thanks for the report @GiannisDimitriou - if you have a recommended code fix we'd be really excited!

@villebro
Member

villebro commented Aug 5, 2020

@GiannisDimitriou the password needs to be entered pre-quoted. You can check what the password/username would be when quoted with the following snippet:

>>> from urllib.parse import quote_plus
>>> quote_plus(r'my@password/with!weird\characters')
'my%40password%2Fwith%21weird%5Ccharacters'

While it would be simple to perform this quoting automatically, current users are relying on the existing functionality. I can open a PR explaining how to properly quote username/password, unless you wish to that is!

@mistercrunch
Member

Side note: I had a recent conversation with one of our designers and he mentioned the idea of moving away from URIs and having a more complete form with different fields for each component of the URI. Maybe an "advanced" option lets you use the URI if you prefer. Then the UI would quote things for you.

@GiannisDimitriou
Author

> Side note: I had a recent conversation with one of our designers and he mentioned the idea of moving away from URIs and having a more complete form with different fields for each component of the URI. Maybe an "advanced" option lets you use the URI if you prefer. Then the UI would quote things for you.

@mistercrunch That's a very good idea, looking forward to helping with requirements/testing if needed.

@villebro Thanks for the snippet!

@stale

stale bot commented Oct 12, 2020

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. For admin, please label this issue .pinned to prevent stale bot from closing the issue.

@stale stale bot added the inactive Inactive for >= 30 days label Oct 12, 2020
@priteshwatch

Hello, is there an update on this? My password has an asterisk. I would at least love to get a workaround.

postgresql+psycopg2://test:test123**@play-domain.1.rds.amazonaws.com:5432/keymakerdb

@stale stale bot removed the inactive Inactive for >= 30 days label Feb 25, 2021
@priteshwatch

If I just escape the password, it works at connection time but does not recognize the password post connection, so essentially unusable.

@junlincc
Member

junlincc commented Mar 31, 2021

related #13456
#12034

@rajeshd-coditation

Any workaround here?

@rajeshd-coditation

For now - changed type of password field from being EncryptedType to String in superset/models/core.py

Before anyone uses this approach - please consider security risk here. I'm doing it for POC purposes.

@clgcn

clgcn commented Oct 8, 2021

Same issue, our password contains %
We got the error below:
ValueError: invalid interpolation syntax in 'postgresql+psycopg2://username:xxx!xxx%@localhost:5432/superset' at position 56

@kaykumar

kaykumar commented Nov 5, 2021

Same here, if the password or username has '@' it does not seem to be working.

@villebro
Member

villebro commented Nov 5, 2021

Did you try escaping the password string as explained above?

@kaykumar

I was able to make it work by replacing the special character with its URL-encoded value.

example: "pass@word" should be changed to "pass%40word" in SQLALCHEMY URI* field.
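
Added example (not part of the thread and not Superset's code): the quoting workaround from the comments above, applied by building the URI from separate fields, and a comparison with plain concatenation, where a raw '/' or '@' in the password changes which host a parser sees. It also shows that Python's configparser raises a ValueError with the "invalid interpolation syntax" wording quoted above when a value passed to set() contains a bare '%', which includes the '%40' produced by quoting. Function names, host and credentials are constructed for illustration, and the standard-library urlsplit stands in for a driver's URL parser.

```python
from configparser import ConfigParser
from urllib.parse import quote_plus, unquote_plus, urlsplit


def build_uri(scheme, user, password, host, port, database):
    """Assemble a URI from separate fields, percent-encoding the credentials."""
    userinfo = f"{quote_plus(user)}:{quote_plus(password)}"
    return f"{scheme}://{userinfo}@{host}:{port}/{database}"


def naive_uri(scheme, user, password, host, port, database):
    """Plain concatenation: reserved characters in the password stay raw."""
    return f"{scheme}://{user}:{password}@{host}:{port}/{database}"


def read_back(uri):
    """Return (user, password, host) as a URL parser recovers them."""
    parts = urlsplit(uri)
    # urlsplit leaves userinfo percent-encoded, so decode it explicitly.
    return (unquote_plus(parts.username or ""),
            unquote_plus(parts.password or ""), parts.hostname)


def escape_for_configparser(uri):
    """Double each '%' so configparser's default interpolation ignores it."""
    return uri.replace("%", "%%")


def configparser_roundtrip(value):
    """Store value with ConfigParser.set(); return what get() yields, or None."""
    parser = ConfigParser()
    parser.add_section("db")
    try:
        parser.set("db", "url", value)
    except ValueError:  # "invalid interpolation syntax ..." as in the thread
        return None
    return parser.get("db", "url")


# Constructed sample fields, not credentials or hosts from the thread.
FIELDS = ("postgresql+psycopg2", "app", "p@ss/w%rd**",
          "db.example.internal", 5432, "superset")

if __name__ == "__main__":
    quoted = build_uri(*FIELDS)
    print(quoted, read_back(quoted))
    print(read_back(naive_uri(*FIELDS)))      # host is no longer FIELDS[3]
    print(configparser_roundtrip(quoted))     # None: bare '%' rejected
    print(configparser_roundtrip(escape_for_configparser(quoted)) == quoted)
```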
