nats.rs icon indicating copy to clipboard operation
nats.rs copied to clipboard

Published 20 hours ago verified publisher icon nats-io

The NATS url needs to manually percent decode the username and the password

Open paolobarbolini opened this issue 5 months ago • 1 comments

We've had this issue reported for lettre and I believe nats.rs has it too https://github.com/lettre/lettre/issues/931

The url crate doesn't percent decode the username and the password, so credentials containing characters like # don't work. Here the credentials should be percent decoded: https://github.com/nats-io/nats.rs/blob/8c783e05b21e1733b1f3453449df5580aaf3f886/async-nats/src/lib.rs#L1415-L1427

paolobarbolini avatar Jan 11 '24 18:01 paolobarbolini

Thanks for letting us know.

The impact should be really small, as if you're using ConnectOptions with username and password, we are not passing credentials in URL, but in Connect protocol message.

Only case that affects Rust NATS client is when someone manually passes username and password in the NATS url.

Jarema avatar Jan 12 '24 10:01 Jarema