Add support for dynamic password

porsager · porsager · commit b2ab9fbe11f4 · 2020-01-06T00:32:33.000+01:00
diff --git a/lib/backend.js b/lib/backend.js
@@ -153,9 +153,7 @@ function Backend({
 
   function Authentication(x) {
     const type = x.readInt32BE(5)
-    try {
-      type !== 0 && onauth(type, x, error)
-    } /* c8 ignore next */ catch (err) { error(err) }
+    type !== 0 && onauth(type, x, error)
   }
 
   function ParameterStatus(x) {
diff --git a/lib/connection.js b/lib/connection.js
@@ -56,8 +56,14 @@ function Connection(options = {}) {
       statements[backend.query.statement.sig] = backend.query.statement
   }
 
-  function onauth(type, x) {
-    socket.write(frontend.auth(type, x, options))
+  function onauth(type, x, onerror) {
+    Promise.resolve(
+      typeof options.pass === 'function'
+        ? options.pass()
+        : options.pass
+    ).then(pass =>
+      socket.write(frontend.auth(type, x, options, pass))
+    ).catch(onerror)
   }
 
   function end() {
diff --git a/lib/frontend.js b/lib/frontend.js
@@ -57,9 +57,9 @@ function connect({ user, database, connection }) {
     .end(0)
 }
 
-function auth(type, x, options) {
+function auth(type, x, options, pass) {
   if (type in auths)
-    return auths[type](type, x, options)
+    return auths[type](type, x, options, pass)
   /* c8 ignore next */
   throw errors.generic({
     message: 'Auth type ' + (authNames[type] || type) + ' not implemented',
@@ -68,23 +68,23 @@ function auth(type, x, options) {
   })
 }
 
-function AuthenticationCleartextPassword(type, x, { pass }) {
+function AuthenticationCleartextPassword(type, x, options, pass) {
   return bytes
     .p()
     .str(pass)
     .z(1)
     .end()
 }
 
-function AuthenticationMD5Password(type, x, { user, pass }) {
+function AuthenticationMD5Password(type, x, options, pass) {
   return bytes
     .p()
-    .str('md5' + md5(Buffer.concat([Buffer.from(md5(pass + user)), x.slice(9)])))
+    .str('md5' + md5(Buffer.concat([Buffer.from(md5(pass + options.user)), x.slice(9)])))
     .z(1)
     .end()
 }
 
-function SASL(type, x, options) {
+function SASL(type, x, options, pass) {
   bytes
     .p()
     .str('SCRAM-SHA-256' + N)
@@ -100,11 +100,11 @@ function SASL(type, x, options) {
     .end()
 }
 
-function SASLContinue(type, x, options) {
+function SASLContinue(type, x, options, pass) {
   const res = x.utf8Slice(9).split(',').reduce((acc, x) => (acc[x[0]] = x.slice(2), acc), {})
 
   const saltedPassword = crypto.pbkdf2Sync(
-    options.pass,
+    pass,
     Buffer.from(res.s, 'base64'),
     parseInt(res.i), 32,
     'sha256'
diff --git a/tests/index.js b/tests/index.js
@@ -301,6 +301,22 @@ t('Login using scram-sha-256', async() => {
   return [true, (await postgres({ ...options, ...login_scram })`select true as x`)[0].x]
 })
 
+t('Support dynamic password function', async() => {
+  return [true, (await postgres({
+    ...options,
+    ...login_scram,
+    pass: () => 'postgres_js_test_scram'
+  })`select true as x`)[0].x]
+})
+
+t('Support dynamic async password function', async() => {
+  return [true, (await postgres({
+    ...options,
+    ...login_scram,
+    pass: () => Promise.resolve('postgres_js_test_scram')
+  })`select true as x`)[0].x]
+})
+
 t('Point type', async() => {
   const sql = postgres({
     ...options,

Original file line number	Diff line number	Diff line change
`@@ -153,9 +153,7 @@ function Backend({`
`153`	`153`
`154`	`154`	`function Authentication(x) {`
`155`	`155`	`const type = x.readInt32BE(5)`
`156`		`- try {`
`157`		`- type !== 0 && onauth(type, x, error)`
`158`		`- } /* c8 ignore next */ catch (err) { error(err) }`
	`156`	`+ type !== 0 && onauth(type, x, error)`
`159`	`157`	`}`
`160`	`158`
`161`	`159`	`function ParameterStatus(x) {`