SASL/SCRAM authentication by andreme · Pull Request #1835 · brianc/node-postgres (original) (raw)
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Conversation12 Commits1 Checks0 Files changed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
[ Show hidden characters]({{ revealButtonHref }})
| @@ -0,0 +1,40 @@ |
|---|
| 'use strict' |
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure how this can be integrated into the test run? The role needs to be created with a scram-sha-256 password
The failing test for node 11 fails in other pr's too, so I assume it's not something I did
Hey if you rebase on master now the test should pass!
Can this please be merged? We are stuck because of #1508 right now. Thank you!
yup! Will look @ this today. Apologies for the delay!
@andreme this is really awesome! Thanks a lot for taking the time on this. Do you have any documentation on how to get the integration test to pass? I'd like to at least be able to run the integration test locally & once I figure that out I'll work out how to add a hook to run it in CI (if possible). Since it's auth related I'd really like to get this running "end-to-end" in tests so we can be sure we don't regress on this at any point. I think I need postgres@11.x at least...anything else I need to do? I'll see how much I can modify the postgres hba
edit: it looks like I basically have full access to the pg_hba.conf file on the travis box...so just gotta figure out some bash-foo & travis-ci incantations to get it set up correctly.
@brianc pg10 is the first version that has scram auth.
Basically, the setup is creating a user with a scram encrypted password, and adding the entries in the pg_hba for that user with scram auth. The template for that is in the test file.
Make sure the user entries come before any trust entries in the pg_hba.
gotcha!
Make sure the user entries come before any trust entries in the pg_hba.
good point. will do.
I'll start trying to get the CI stuff working today so we can merge this thing!
I'm going to merge this but hold off on releasing semver minor w/ this feature until I can get some tests running in CI. Reading about setting up postgres-10 in travis & configuring pg_hba.conf and stuff now...will hopefully have it set up today.
