Special characters in user/password causes uri parsing error

[Brady Connelly]

The RabbitMQ Broker I'm running on Amazon MQ, allows passwords for a default user containing special characters such as '?'. However, in both the elixir and go packages, I cannot successfully connect if my connection string contains a user/password with a '?' character. In my testing it also seems that the '@' character will cause similar issues. 

Is there a spec for usernames/passwords that disallowed certain special characters that I missed? If so is this an issue with Amazon MQ allowing an illegal password to begin with? I looked into the RabbitMQ docs and the RFC spec for the underlying auth mechanism that RabbitMQ uses, but I couldn't find anything that seemed to indicate that those characters are disallowed.

I was able to trace my issue issue to the underlying uri parsing functions in both packages (goLang, elixir). It seems with both parsing functions, they split the incoming connection string on '?' in an attempt to get a query string but if a ? appears anywhere else in the connection string it will result in a parsing error or an incorrectly parsed connection string(goLang (line 519-524), elixir).

I was able to get things working by changing the passwords to not have any special characters. I was also able to get the elixir connection working with passwords with '?' characters by passing a list of connection information instead of a string. From what I can tell the same option isn't available in the go package.

[Luke Bakken]

Hi Brady,

Could you provide us with exact details about how you set the password using a ? or @ character? I can then reproduce what you're reporting. I could guess how you did it but I want to be sure to follow the same steps.

Also, let us know what version of RabbitMQ you're using.

My guess is that if you use a ? character in a password you'll have to URI-encode it when using it in an amqp:// URI.

Thanks -

Luke

[Brady Connelly]

Hey Luke,

Thanks for the response! I was able to confirm locally that uri encoding a password that contains a '?' will allow me to connect using an amqp:// uri. Thanks for the suggestion! Not sure why that didn't cross my mind but it makes sense.

If you're still curious and would like to try and reproduce:

My AmazonMQ instance is running v3.9.16 of RabbitMQ. It's managed through terraform, which is how I initially created the user and set the password with a '?'. I used terraform's random_password resource to generate the password, I then added a user with that password to the aws_mq_broker resource so that user was created when I terraformed the broker. 

I was also able to create a user that had a '?' in its password in my local env through the management console. My local env is running RabbitMQ v3.10.6 in a docker container using the official `rabbitmq:management` image.

Thanks again,

Brady