forked from brianc/node-postgres
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request brianc#2208 from sehrope/add-scram-tests
Add some SCRAM tests and enable them on travis
- Loading branch information
Showing
2 changed files
with
71 additions
and
34 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
100 changes: 67 additions & 33 deletions
100
packages/pg/test/integration/client/sasl-scram-tests.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,41 +1,75 @@ | ||
'use strict' | ||
var helper = require(__dirname + '/../test-helper') | ||
var pg = helper.pg | ||
const helper = require('./../test-helper') | ||
const pg = helper.pg | ||
const suite = new helper.Suite() | ||
const { native } = helper.args | ||
|
||
var suite = new helper.Suite() | ||
/** | ||
* This test only executes if the env variables SCRAM_TEST_PGUSER and | ||
* SCRAM_TEST_PGPASSWORD are defined. You can override additional values | ||
* for the host, port and database with other SCRAM_TEST_ prefixed vars. | ||
* If the variables are not defined the test will be skipped. | ||
* | ||
* SQL to create test role: | ||
* | ||
* SET password_encryption = 'scram-sha-256'; | ||
* CREATE ROLE scram_test login password 'test4scram'; | ||
* | ||
* Add the following entries to pg_hba.conf: | ||
* | ||
* host all scram_test ::1/128 scram-sha-256 | ||
* host all scram_test 0.0.0.0/0 scram-sha-256 | ||
* | ||
* Then run this file with after exporting: | ||
* | ||
* SCRAM_TEST_PGUSER=scram_test | ||
* SCRAM_TEST_PGPASSWORD=test4scram | ||
*/ | ||
|
||
/* | ||
SQL to create test role: | ||
// Base config for SCRAM tests | ||
const config = { | ||
user: process.env.SCRAM_TEST_PGUSER, | ||
password: process.env.SCRAM_TEST_PGPASSWORD, | ||
host: process.env.SCRAM_TEST_PGHOST, // optional | ||
port: process.env.SCRAM_TEST_PGPORT, // optional | ||
database: process.env.SCRAM_TEST_PGDATABASE, // optional | ||
} | ||
|
||
set password_encryption = 'scram-sha-256'; | ||
create role npgtest login password 'test'; | ||
if (native) { | ||
suite.testAsync('skipping SCRAM tests (on native)', () => {}) | ||
return | ||
} | ||
if (!config.user || !config.password) { | ||
suite.testAsync('skipping SCRAM tests (missing env)', () => {}) | ||
return | ||
} | ||
|
||
pg_hba: | ||
host all npgtest ::1/128 scram-sha-256 | ||
host all npgtest 0.0.0.0/0 scram-sha-256 | ||
*/ | ||
/* | ||
suite.test('can connect using sasl/scram', function () { | ||
var connectionString = 'pg://npgtest:test@localhost/postgres' | ||
const pool = new pg.Pool({ connectionString: connectionString }) | ||
pool.connect( | ||
assert.calls(function (err, client, done) { | ||
assert.ifError(err, 'should have connected') | ||
done() | ||
}) | ||
) | ||
suite.testAsync('can connect using sasl/scram', async () => { | ||
const client = new pg.Client(config) | ||
let usingSasl = false | ||
client.connection.once('authenticationSASL', () => { | ||
usingSasl = true | ||
}) | ||
await client.connect() | ||
assert.ok(usingSasl, 'Should be using SASL for authentication') | ||
await client.end() | ||
}) | ||
|
||
suite.test('sasl/scram fails when password is wrong', function () { | ||
var connectionString = 'pg://npgtest:bad@localhost/postgres' | ||
const pool = new pg.Pool({ connectionString: connectionString }) | ||
pool.connect( | ||
assert.calls(function (err, client, done) { | ||
assert.ok(err, 'should have a connection error') | ||
done() | ||
}) | ||
) | ||
suite.testAsync('sasl/scram fails when password is wrong', async () => { | ||
const client = new pg.Client({ | ||
...config, | ||
password: config.password + 'append-something-to-make-it-bad', | ||
}) | ||
let usingSasl = false | ||
client.connection.once('authenticationSASL', () => { | ||
usingSasl = true | ||
}) | ||
await assert.rejects( | ||
() => client.connect(), | ||
{ | ||
code: '28P01', | ||
}, | ||
'Error code should be for a password error' | ||
) | ||
assert.ok(usingSasl, 'Should be using SASL for authentication') | ||
}) | ||
*/ |