Test SCRAM iteration changes with psql \password

danielgustafsson · danielgustafsson · commit bf5a894c5571 · 2023-04-07T22:14:23.000+02:00
A version of this test was included in the original patch for altering SCRAM iteration count, but was omitted due to how interactive psql TAP sessions worked before being refactored. Discussion: https://postgr.es/m/20230130194350.zj5v467x4jgqt3d6@awork3.anarazel.de Discussion: https://postgr.es/m/F72E7BC7-189F-4B17-BF47-9735EB72C364@yesql.se
diff --git a/src/test/authentication/t/001_password.pl b/src/test/authentication/t/001_password.pl
@@ -101,6 +101,32 @@ sub test_conn
 	 WHERE rolname = 'scram_role_iter'");
 is($res, 'SCRAM-SHA-256$1024:', 'scram_iterations in server side ROLE');
 
+# If we don't have IO::Pty, forget it, because IPC::Run depends on that
+# to support pty connections
+SKIP:
+{
+	skip "IO::Pty required", 1 unless eval { require IO::Pty; };
+
+	# Alter the password on the created role using \password in psql to ensure
+	# that clientside password changes use the scram_iterations value when
+	# calculating SCRAM secrets.
+	my $session = $node->interactive_psql('postgres');
+
+	$session->set_query_timer_restart();
+	$session->query("SET password_encryption='scram-sha-256';");
+	$session->query("SET scram_iterations=42;");
+	$session->query_until(qr/Enter new password/, "\\password scram_role_iter\n");
+	$session->query_until(qr/Enter it again/, "pass\n");
+	$session->query_until(qr/postgres=# /, "pass\n");
+	$session->quit;
+
+	$res = $node->safe_psql('postgres',
+		"SELECT substr(rolpassword,1,17)
+		 FROM pg_authid
+		 WHERE rolname = 'scram_role_iter'");
+	is($res, 'SCRAM-SHA-256$42:', 'scram_iterations in psql \password command');
+}
+
 # Create a database to test regular expression.
 $node->safe_psql('postgres', "CREATE database regex_testdb;");
 
