Hello everyone,
I have encountered an odd behavior when using URL-encoded tokens as passwords for connections with Postgres; my application connects to a Postgres AWS RDS instance using a token that expires (IAM Authentication). Specifically, if I set `cparams['password']` to a URL-encoded value in the `do_connect` event, the connection fails. However, it succeeds if the value isn't URL encoded. This seems inconsistent with how the engine handles URL-encoded values. Is this the intended behavior?
If not, would the team be open to a PR that calls `unquote` on the `cparams['password']` when it's changed to ensure consistency?
Here is a minimal example to illustrate the issue:
```python
from sqlalchemy.orm import sessionmaker
from sqlalchemy import create_engine, event, text
from urllib.parse import quote

# Assume there is a db user `test` with some initial token
POSTGRES_HOST = 'localhost'
PORT = '5432'
USERNAME = 'test'
NEW_PASSWORD = '%2FH'

engine1 = create_engine(f"postgresql://{USERNAME}:some_token_that_expires@{POSTGRES_HOST}:{PORT}/esrf", echo=True)

@event.listens_for(engine1, 'do_connect')
def receive_do_connect(dialect, conn_rec, cargs, cparams):
    # This doesn't work.
    cparams['password'] = quote(NEW_PASSWORD)

with engine1.connect() as connection:
    connection.execute(text('SELECT 1;'))

engine2 = create_engine(f"postgresql://{USERNAME}:some_token_that_expires@{POSTGRES_HOST}:{PORT}/esrf", echo=True)

@event.listens_for(engine2, 'do_connect')
def receive_do_connect(dialect, conn_rec, cargs, cparams):
    # This works
    cparams['password'] = NEW_PASSWORD

with engine2.connect() as connection:
    connection.execute(text('SELECT 1;'))
```
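
An added illustration (not part of the original post and not SQLAlchemy code) of the behavior the post reports, using only the standard library: a password embedded in a URL is percent-decoded once when the URL is parsed, while a value assigned in the `do_connect` hook is handed over verbatim. `build_dsn`, `password_from_dsn`, `on_do_connect`, `server_sees` and `compare` are hypothetical helpers that model the two paths.

```python
from urllib.parse import quote, unquote, urlsplit

# Constructed sample: a password that itself contains a percent sequence,
# the same value as NEW_PASSWORD in the post.
RAW_TOKEN = "%2FH"


def build_dsn(user, password, host="localhost", port=5432, db="esrf"):
    """URL path: special characters in the password are quoted exactly once."""
    return (f"postgresql://{quote(user, safe='')}:{quote(password, safe='')}"
            f"@{host}:{port}/{db}")


def password_from_dsn(dsn):
    """Model of URL parsing: the password field is percent-decoded once."""
    return unquote(urlsplit(dsn).password)


def on_do_connect(cparams, token):
    """Model of the hook path: the value is stored verbatim, no decoding."""
    cparams["password"] = token
    return cparams


def server_sees(cparams):
    """Hypothetical stand-in for the driver, which sends the value as given."""
    return cparams["password"]


def compare(token=RAW_TOKEN):
    """Return what the server would receive on each path for one raw token."""
    return {
        "url_quoted_once": password_from_dsn(build_dsn("test", token)),
        "hook_raw": server_sees(on_do_connect({}, token)),
        "hook_quoted": server_sees(on_do_connect({}, quote(token))),
        # A blanket unquote on the hook value would alter a raw token that
        # legitimately contains a percent sequence.
        "hook_raw_then_unquote": unquote(server_sees(on_do_connect({}, token))),
    }


if __name__ == "__main__":
    for path, seen in compare().items():
        print(f"{path:24} {seen!r:12} matches={seen == RAW_TOKEN}")
```

Only the first two paths deliver the raw token unchanged, so encoding belongs where the URL string is built and nowhere else.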