engine_url.URL does not support passwords with overridden str

Issue #4089 new
Brian Heineman created an issue

The engine_url.URL class makes use of the ord() function which cannot be overridden. This is preventing the direct use of overridden str values. Here is a test case that illustrates the issue:

from sqlalchemy.engine import url as engine_url


class SecurePassword(str):
    # any method that can be overridden by str to retrieve the value would be acceptable
    def __str__(self):
        return 'secured_password'


# The ord() function in _rfc_1738_quote() https://github.com/zzzeek/sqlalchemy/blob/master/lib/sqlalchemy/engine/url.py#L247
# is preventing the direct use of overridden strings
# https://stackoverflow.com/questions/1893816/how-to-override-ord-behaivour-in-python-for-str-childs
if __name__ == '__main__':
    password = SecurePassword('password_key')

    db_url = {
        'drivername': 'mysql',
        'host': 'localhost',
        'port': '3306',
        'username': 'root',
        'password': password,
        'database': 'test'
    }

    url = engine_url.URL(**db_url)
    print(url)
    assert str(url) == 'mysql://root:secured_password@localhost:3306/test'

Comments (1)

  1. Mike Bayer repo owner

    We need to ensure the spec here covers the use cases that would be needed. For example, the simplest fix here would be that URL just runs str() on the incoming value, so that url.password is again a string and not a SecurePassword object. If OTOH you wanted url.password to remain this special object then that needs to be made part of the behavioral contract that we include in testing.
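
The two contracts described in the comment above, side by side, as an added example that is not part of the original issue and is not SQLAlchemy's code. `quote_userinfo`, `CoercingURL`, `PreservingURL`, the `hide_password` parameter and all sample values are assumptions made for illustration.

```python
import re


class SecurePassword(str):
    # Same shape as the class in the issue; both values are constructed.
    # The str buffer holds a lookup key, __str__ returns the real secret.
    def __str__(self):
        return 'secured_p@ss'


def quote_userinfo(text):
    # Hypothetical stand-in for an ord()-based quoting helper, not
    # SQLAlchemy's own code. re and ord() read the underlying str buffer
    # and never call __str__.
    return re.sub(r'[:@/]', lambda m: '%%%X' % ord(m.group(0)), text)


class CoercingURL:
    # Option 1: run str() on the incoming value; .password is a plain str.
    def __init__(self, username, password, host):
        self.username, self.host = username, host
        self.password = str(password)

    def render(self):
        return 'mysql://%s:%s@%s' % (
            self.username, quote_userinfo(self.password), self.host)


class PreservingURL:
    # Option 2: keep the special object; resolve it only when rendering.
    def __init__(self, username, password, host):
        self.username, self.host = username, host
        self.password = password

    def render(self, hide_password=False):
        secret = '***' if hide_password else quote_userinfo(str(self.password))
        return 'mysql://%s:%s@%s' % (self.username, secret, self.host)


def demo():
    pw = SecurePassword('key/1')
    return {
        'buffer_quoted': quote_userinfo(pw),  # encodes the key, not the secret
        'coerced': CoercingURL('root', pw, 'localhost'),
        'preserved': PreservingURL('root', pw, 'localhost'),
    }


if __name__ == '__main__':
    for name, value in demo().items():
        print(name, value if isinstance(value, str) else value.render())
```

With option 1 the secret is held as a plain string from construction onward; with option 2 it is resolved only at render time, which is the behavior a test suite would have to pin down.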
