-
-
Notifications
You must be signed in to change notification settings - Fork 1.3k
Commit 7bd5dd4
Handle SASL SCRAM server error responses
Add proper error handling for SCRAM-SERVER-FINAL-MESSAGE error attribute.
The SCRAM specification allows servers to return error messages via the 'e'
attribute in the server final message. Currently, these errors are ignored
and authentication fails later during signature verification.
Postgres typically doesn't return this error (see [here](https://github.com/postgres/postgres/blob/2047ad068139f0b8c6da73d0b845ca9ba30fb33d/src/backend/libpq/auth-scram.c#L423)
on why), but poolers, or other applications using the postgres protocol might,
and it's part of the SCRAM spec, so it probably makes sense for node-postgres
to handle it.
Aligns behaviour with psql, postgrex, and somewhat with pgJDBC
(pgJDBC in particular is stricter with scram errors).
For reference:
- libpq handling it: https://github.com/postgres/postgres/blob/2047ad068139f0b8c6da73d0b845ca9ba30fb33d/src/interfaces/libpq/fe-auth-scram.c#L708 1 parent 27a2754 commit 7bd5dd4
File tree
2 files changed
+23
-0
lines changed- packages/pg
- lib/crypto
- test/unit/client
2 files changed
+23
-0
lines changedLines changed: 6 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
178 | 178 | | |
179 | 179 | | |
180 | 180 | | |
181 | + | ||
181 | 182 | | |
183 | + | ||
184 | + | ||
185 | + | ||
186 | + | ||
187 | + | ||
182 | 188 | | |
183 | 189 | | |
184 | 190 | | |
| |||
Lines changed: 17 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
284 | 284 | | |
285 | 285 | | |
286 | 286 | | |
287 | + | ||
288 | + | ||
289 | + | ||
290 | + | ||
291 | + | ||
292 | + | ||
293 | + | ||
294 | + | ||
295 | + | ||
296 | + | ||
297 | + | ||
298 | + | ||
299 | + | ||
300 | + | ||
301 | + | ||
302 | + | ||
303 | + | ||
287 | 304 | | |
288 | 305 | | |
289 | 306 | | |
| |||
0 commit comments