fix(clickhouse): use unquote (not unquote_plus) for URL credentials; decode database#2436
fix(clickhouse): use unquote (not unquote_plus) for URL credentials; decode database#2436Bartok9 wants to merge 2 commits into
Conversation
…decode database The connection_url path decoded userinfo with unquote_plus, which turns a literal '+' into a space. In a URL, '+' only means space inside a query string — never in userinfo or the path — so a password like 'pw+1' was silently corrupted to 'pw 1' and auth failed. Switch to unquote (matching the mssql/mysql/oracle/trino connectors) and also decode the database name parsed from the path, which was passed through raw.
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Repository UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
🚧 Files skipped from review as they are similar to previous changes (1)
WalkthroughThe ClickHouse connector now percent-decodes username, password, and database URL segments with ChangesClickHouse credential decoding
Estimated code review effort: 2 (Simple) | ~10 minutes Possibly related PRs
Suggested reviewers: Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Summary
connection_urlpath now decodes userinfo withunquoteinstead ofunquote_plus, and alsounquotes the database name parsed from the path.+, and a missing-decode bug for percent-encoded database names.Motivation
In
_build_clickhouse_client_kwargs(core/wren/src/wren/connector/clickhouse.py), the URL username/password were decoded withunquote_plus. But+only means "space" inside a URL query string — never in the userinfo or path (RFC 3986). So a password likepw+1(written literally in the URL) was silently turned intopw 1, and authentication failed with no clear cause.Every other connector in this package (mssql, mysql, oracle, trino) uses plain
unquotefor exactly this reason. This brings ClickHouse in line.Separately, the
databasename parsed from the URL path was passed through raw (never decoded), so a percent-encoded database name (e.g.my%20analytics) reached ClickHouse verbatim.unquotestill decodes%20→space,%40→@, etc., so the existing decode test continues to pass unchanged.Verification
Real output on current
upstream/main(fix reverted, tests present):With the fix applied:
+preserved; database path decoded); the pre-existing%40/%20decode test still passes.core/**).Summary by CodeRabbit
+characters in credential userinfo instead of converting them to spaces.+handling in credentials and percent-decoding of database names.